On 01/19/2017 12:43 AM, Marcin Trendota wrote:
After recent system upgrade (this night) i lost access to two servers through SSH, because of change in SELinux policy - i have ssh there on different port and now it's gone.
Which release? I also run ssh on an alternate port on one host, and that host didn't break following yesterday's updates.
Can you get the AVCs from /var/log/audit/audit.log? What is currently the content of /etc/selinux/targeted/modules/active/ports.local? Does it describe the same ports as the output of "semanage port -l -C"?
Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to ensure persistency?
It should be. You should see that port labeled in the file above. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos