Audit Logs with SELinux Messags
I’m post configuring a new RHEL 8 setup on my old PC and want to share some useful SELinux troubleshooting techniques.
How To Check Audit Logs for SELinux
I had a problem with SSH not accepting keys for login. Specifically, I wanted the keys to be in a non-standard /var/ssh/greys/authorized_keys location (instead of my homedir), but SSH daemon would just ignore this file.
I double checked permissions, restarted SSHd and eventuall realised that the issue must have been due to SELinux. So I went to inspect the audit logs.
Red Hat Enterprise Linux puts audit logs into /var/log/audit directory. If you’re looking for SELinux issues, just grep for denied – it will show you everything that has recently been blocked:
I also highlighted the likely problem: SSH daemon is running under sshd_t context, but files in /var/ssh/ directories inherited standard var_t context.
Just to be sure, I checked the context on the default /home/greys/.ssh/authorized_keys file:
That’s the answer! We need to change /var/ssh/greys/authorized_keys file to the ssh_home_t context.
Updating SELinux context for a file
First, let’s change the SELinux context:
… and now we relabel the actual file:
That’s it – after that my logins using SSH keys started working just fine. Hope you find this example useful!