Description of problem: When trying to ssh it fails with: ssh -i /var/lib/zuul/.ssh/id_rsa zuul-worker@host packet_write_wait: Connection to host port 22: Broken pipe Version-Release number of selected component (if applicable): This is happening with a rawhide cloud image that is updated periodically. How reproducible: Using Fedora-Cloud-Base-Rawhide-20200313.n.0.x86_64.qcow2 Steps to Reproduce: 1. Create an user 2. Add public key 3. Try to ssh Actual results: ssh fail with 'Broken pipe' Expected results: ssh works Additional info: In audit.log there is: ``` type=CRYPTO_KEY_USER msg=audit(1584116606.362:316): pid=860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:e6:68:59:06:36:dc:c6:2b:64:90:e5:10:5c:88:d2:0f:7a:83:ef:d6:93:8c:d7:a5:ee:63:36:76:41:c0:dd:b1 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" type=USER_ACCT msg=audit(1584116606.384:317): pid=860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="zuul-worker" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset" type=CRYPTO_KEY_USER msg=audit(1584116606.392:318): pid=860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=861 suid=74 rport=59236 laddr=127.0.0.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=? res=success'UID="root" AUID="unset" SUID="sshd" type=CRED_ACQ msg=audit(1584116606.399:319): pid=860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="zuul-worker" exe="/usr/sbin/sshd" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'UID="root" AUID="unset" type=LOGIN msg=audit(1584116606.403:320): pid=860 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=8 res=1UID="root" OLD-AUID="unset" AUID="zuul-worker" type=AVC msg=audit(1584116606.405:321): avc: denied { create } for pid=860 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket permissive=0 type=ANOM_ABEND msg=audit(1584116606.406:322): auid=1000 uid=0 gid=0 ses=8 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 pid=860 comm="sshd" exe="/usr/sbin/sshd" sig=6 res=1AUID="zuul-worker" UID="root" GID="root" ```
Please update selinux-policy to selinux-policy-3.14.6-8.fc33 - https://koji.fedoraproject.org/koji/buildinfo?buildID=1477233 *** This bug has been marked as a duplicate of bug 1813023 ***