[CentOS] SELinux upgrade

Thu Jan 19 14:53:41 UTC 2017
Gordon Messmer <gordon.messmer at gmail.com>

On 01/19/2017 12:43 AM, Marcin Trendota wrote:
> After recent system upgrade (this night) i lost access to two servers
> through SSH, because of change in SELinux policy - i have ssh there on
> different port and now it's gone.

Which release?  I also run ssh on an alternate port on one host, and 
that host didn't break following yesterday's updates.

Can you get the AVCs from /var/log/audit/audit.log?  What is currently 
the content of /etc/selinux/targeted/modules/active/ports.local?  Does 
it describe the same ports as the output of "semanage port -l -C"?

> Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to
> ensure persistency?

It should be.  You should see that port labeled in the file above.