So, I haven't changed anything significant in how the F20 cloud images are generated from how the F19 ones were. But now, when I try to log into one after booting, cloud-init runs and appears to configure everything, but sshing in gives /bin/bash: Permission denied In the logs: Jul 19 14:56:50 localhost sshd[621]: ssh_selinux_change_context: setcon system_u:system_r:sshd_net_t:s0 from system_u:system_r:kernel_t:s0 failed with Permission denied [preauth] Jul 19 14:56:51 localhost sshd[621]: Accepted publickey for fedora from 192.168.77.1 port 40992 ssh2 Jul 19 14:56:51 localhost systemd: Starting user-1000.slice. Jul 19 14:56:51 localhost systemd: Created slice user-1000.slice. Jul 19 14:56:51 localhost systemd: Starting User Manager for 1000... Jul 19 14:56:51 localhost systemd: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted Jul 19 14:56:51 localhost systemd: Starting Session 1 of user fedora. Jul 19 14:56:51 localhost systemd-logind: New session 1 of user fedora. Jul 19 14:56:51 localhost systemd: Started Session 1 of user fedora. Jul 19 14:56:51 localhost systemd: Started User Manager for 1000. Jul 19 14:56:51 localhost sshd[621]: pam_unix(sshd:session): session opened for user fedora by (uid=0) Jul 19 14:56:51 localhost sshd[627]: ssh_selinux_copy_context: setcon failed with Permission denied Jul 19 14:56:51 localhost sshd[627]: Received disconnect from 192.168.77.1: 11: disconnected by user Jul 19 14:56:51 localhost sshd[621]: pam_unix(sshd:session): session closed for user fedora Jul 19 14:56:51 localhost systemd-logind: Removed session 1. Jul 19 14:56:51 localhost systemd: Stopping user-1000.slice. Jul 19 14:56:51 localhost systemd: Removed slice user-1000.slice Is this a policy bug? Something new which is failing on image build? Something else? -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
