Description of problem: After doing the major upgrade in the undercloud from 9 to 10, i cannot enter by ssh to the undercloud anymore. The issue is caused by selinux, because there is a wrong context for /home/stack/.ssh/authorized_keys: cd /home/stack/.ssh/ [root@undercloud .ssh]# ls -lZ authorized_keys -rw-------. stack stack system_u:object_r:unlabeled_t:s0 authorized_keys [root@undercloud .ssh]# restorecon authorized_keys Full path required for exclude: net:[4026532200]. Full path required for exclude: net:[4026532200]. [root@undercloud .ssh]# ls -lZ authorized_keys -rw-------. stack stack system_u:object_r:ssh_home_t:s0 authorized_keys After properly restoring the context, that needs to be ssh_home_t (not unlabeled_t), i can ssh to the undercloud again.
To clarify, i come from previous versions, upgrading from 8->9 then 9->10. When i upgrade to 9, i see that the authorized_keys is also labeled incorrectly, with system_u:object_r:unlabeled_t:s0 . But it works, because selinux in 9 is set to Permissive. When going to 10, it's set to Enforcing, and this bad labeling is causing to loose access.
All the fixes are in place and they are so old that fixes should be available from the imports.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0921