View Issue Details

IDProjectCategoryView StatusLast Update
0018129CentOS-8selinux-policypublic2021-04-03 07:00
Reporterivanov17 Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Platformx86_64OSCentOSOS Version8.3
Product Version8.3.2011 
Summary0018129: restorecon set wrong SELinux context on /var/lib/git/.ssh
DescriptionWhen I try to restore SELinux contexts on /var/lib/git catalog, .ssh subdirectory is labeled as git_sys_content_t instead of labeling as ssh_home_t. It breaks access to .ssh/authorized_keys and because of that to git repositories.

Actual results:

# restorecon -rv /var/lib/git
Relabeled /var/lib/git from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:git_sys_content_t:s0
Relabeled /var/lib/git/.ssh from unconfined_u:object_r:ssh_home_t:s0 to unconfined_u:object_r:git_sys_content_t:s0
Steps To Reproduce1. mkdir /var/lib/git
2. mkdir /var/lib/git/.ssh
3. restorecon -rv /var/lib/git
Additional Information# rpm -q selinux-policy selinux-policy-targeted
selinux-policy-3.14.3-54.el8_3.2.noarch
selinux-policy-targeted-3.14.3-54.el8_3.2.noarch

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 32

# uname -r
4.18.0-240.15.1.el8_3.x86_64

Also, I got the same results with Fedora 33 and reported this bug at Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1943635
Tags8.3, git, selinux, ssh

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-03-26 22:08 ivanov17 New Issue
2021-03-26 22:08 ivanov17 Tag Attached: 8.3
2021-03-26 22:08 ivanov17 Tag Attached: git
2021-03-26 22:08 ivanov17 Tag Attached: selinux
2021-03-26 22:08 ivanov17 Tag Attached: ssh