On 19/01/17 09:43, Marcin Trendota wrote:
Hello All
After recent system upgrade (this night) i lost access to two servers through SSH, because of change in SELinux policy - i have ssh there on different port and now it's gone.
Thanks to puppet i was able to change SSH port back to default and log in, but is this expected behavior? I thought minor upgrade shouldn't break up things?
Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to ensure persistency?
It's normally enough, there is no need to do it again, except if it lost all custom settings and booleans. Something to try on a VM (setup CentOS 7.3.1611, modify it without updating it, verify that it works, and then update it) If problem can be reproduced, I'd say open a bug on bugs.centos.org *and* upstream bugzilla.redhat.com and link the two together