View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018129 | CentOS-8 | selinux-policy | public | 2021-03-26 22:08 | 2021-04-03 07:00 |
| Reporter | ivanov17 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | x86_64 | OS | CentOS | OS Version | 8.3 |
| Product Version | 8.3.2011 | ||||
| Summary | 0018129: restorecon set wrong SELinux context on /var/lib/git/.ssh | ||||
| Description | When I try to restore SELinux contexts on /var/lib/git catalog, .ssh subdirectory is labeled as git_sys_content_t instead of labeling as ssh_home_t. It breaks access to .ssh/authorized_keys and because of that to git repositories. Actual results: # restorecon -rv /var/lib/git Relabeled /var/lib/git from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:git_sys_content_t:s0 Relabeled /var/lib/git/.ssh from unconfined_u:object_r:ssh_home_t:s0 to unconfined_u:object_r:git_sys_content_t:s0 | ||||
| Steps To Reproduce | 1. mkdir /var/lib/git 2. mkdir /var/lib/git/.ssh 3. restorecon -rv /var/lib/git | ||||
| Additional Information | # rpm -q selinux-policy selinux-policy-targeted selinux-policy-3.14.3-54.el8_3.2.noarch selinux-policy-targeted-3.14.3-54.el8_3.2.noarch # sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 32 # uname -r 4.18.0-240.15.1.el8_3.x86_64 Also, I got the same results with Fedora 33 and reported this bug at Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1943635 | ||||
| Tags | 8.3, git, selinux, ssh | ||||
