Can't SSH into server after setting SELinux to enforcing

cratox · October 15, 2023, 3:51pm

I’ve tried everything from using audit2allow to create a new policy to setsebool but they don’t seem to work.

Here are my logs

Oct 15 10:39:28 [redacted] setroubleshoot[1769]: audit event#012node=[redacted].rocky type=AUC msg=audit(1697380768.125:219): auc:
denied
{ dyntransition } for
pid=1767 comm="sshd"
scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconf ined_r:un
confined_t:s0 tclass-process permissive=0#012#012node=[redacted] rocky type=SYSCALL msg=audit (1697380768.125:219): arch=c000003e s yscall=1 success=no exit=-13 a0=8 a1=55c03f846780 a2=2a a3=0 items=0 ppid=1755 pid=1767 auid=1000 uid=1000 gid=1000 euid=1000 su id=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=7 comm="sshd"
exe="/usr/sbin/sshd"
sub j=system_u:system_r:kernel_t:s0

Only thing for it is to run setenforce 0, but the brass wouldn’t settle.

jlehtone · October 15, 2023, 7:16pm

Default install has SELinux in enforcing mode and sshd runs. How does your setup differ and how does audit2why describe the sshd issues when SELinux is in permissive mode?

cratox · October 16, 2023, 4:21am

I solved it. These are the commands I ran

setenforce 0
dnf remove selinux-policy\*
rm -rf /etc/selinux/targeted /etc/selinux/config
reboot
dnf install selinux-policy-targeted
dnf install selinux-policy-devel policycoreutils
touch /.autorelabel
reboot

Basically uninstalling the policies, reinstalling them, and relabelling the file system did the trick