Bug 499343
Summary: | SELinux prevents sshd from reading authorized_keys file and allowing private key authentication | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Oded Arbel <oded> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-05-06 11:43:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Oded Arbel
2009-05-06 09:29:05 UTC
This home directory is badly labeled. restorecon -R -v /home Or where ever the home directory is located. home_root_t is the label of the /home directory Individual directories under /home should be labeled user_home_dir_t The .ssh directory should be labeled user_ssh_home_t When a new user creates a .ssh directory (for example - using ssh-keygen) - what causes the labeling of the new directory? The problem here is the whole directory is mislabeled. If the whole directory was labeled incorrectly, I have no idea why. But a user running ssh-keygen in a directory labeled user_home_dir_t will probably not create the directory with the correct label. If you were running restorcond service, it would probably have labeled it correctly. We are working on solutions for users creating random files directories in the homedir and making sure they are labeled correctly. |