Description of problem: It seems that only on RHEL6, the SELinux context for the /root/.ssh/authorized_keys file on newly provisioned machines is set to admin_home_t, which is wrong. This breaks REX for me on new RHEL6 machines. A restorecon on that file reset the context to ssh_home_t and then it works. Version-Release number of selected component (if applicable): 6.2.0 beta How reproducible: Steps to Reproduce: 1. Provision new RHEL6 machine 2. Try and run a job 3. Actual results: Job fails, ausearch -sv no shows SELinux denial, label of /root/.ssh/authorized_keys is set to admin_home_t. Expected results: Job succeeds, label is set to ssh_home_t Additional info: RHEL5 and RHEL7 seem to work fine out of the box. I'm not sure the remote_execution_ssh_keys is at fault here, but the fact is that - for me at least - the mislabeling does break REX.
Created redmine issue http://projects.theforeman.org/issues/14899 from this bug
Moving to POST since upstream bug http://projects.theforeman.org/issues/14899 has been closed
[root@kbrhel68too ~]# ll -Z /root/.ssh/authorized_keys -rw-------. root root system_u:object_r:ssh_home_t:s0 /root/.ssh/authorized_keys ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.8 (Santiago) VERIFIED with sat62-snap(GA)-14.1
*** Bug 1344185 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1501