
Recently I came across a situation where I was working with automount on a non-NFS storage type, i.e. FSx for Lustre in AWS, where I found a weird issue on the automounted home directories: whenever users try to set up key-less access with their public keys, SELinux just dispels it, as SELinux is in enforcing mode.

While investigating later on, I found the context on the home_dir is undefined and unlabeled, thus key-based access was simply denied.

However, I tried to recover it with restorecon -R -v ~ but it didn't work, and then I recognized it will not work while SELinux is in enforcing mode. So I used chcon and that worked for me.

However, chcon works, but I see the remark in the Red Hat doc that "changes made with the chcon command do not survive a file system relabel", and I could not understand it completely: it says chcon is for temporary changes, yet it survives across reboot and log off/login for me.

Issue:

drwx------. myuser mygrp  unconfined_u:object_r:unlabeled_t:s0 .ssh

Fix:

Below is the command I used, and that fixed the issue.

$ chcon -R unconfined_u:object_r:user_home_t:s0  /home/<user_name>/.ssh/

Alternative:

However, the below will be more succinct than chcon.

$ semanage fcontext -a -t ssh_home_t /path/to/users/homedirectory/.ssh/
$ restorecon -v /path/to/users/homedirectory/.ssh/

Any explanation will be highly appreciated.


1 Answer


Try recursively

$ semanage fcontext -a -t ssh_home_t "/path/to/users/homedirectory(/.*)?"
$ restorecon -Rv /path/to/users/homedirectory/
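A check for the condition described in the question, added here as an example (not code from the question or the answer): it reads `ls -Z`-style listing lines and reports entries typed `unlabeled_t`, plus `.ssh` entries whose type differs from an expected one. The function name `audit_listing`, the default expected type `ssh_home_t` (the type used in the semanage commands above) and the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag SELinux labels in `ls -Z`-style listings.
# Usage: audit_listing [expected_type] < listing   (default: ssh_home_t)
# Emits "<path> <type> <finding>" for entries typed unlabeled_t, and for
# .ssh entries whose type differs from the expected one.
# Limitation: paths containing whitespace are not handled.
audit_listing() {
    awk -v want="${1:-ssh_home_t}" '
    {
        ctx = ""
        # The context is the field shaped user:role:type:level. The level
        # may contain further colons (s0:c0.c1023); clock times such as
        # 10:32 have too few parts to match.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:[^:]/) ctx = $i
        if (ctx == "") next
        split(ctx, part, ":")
        type = part[3]
        path = $NF
        if (type == "unlabeled_t")
            print path, type, "unlabeled"
        else if ((path == ".ssh" || path ~ /\/\.ssh$/) && type != want)
            print path, type, "expected=" want
    }'
}

# Constructed sample listing (not real output): short and long ls formats.
SAMPLE_LISTING='drwx------. myuser mygrp  unconfined_u:object_r:unlabeled_t:s0 /home/myuser/.ssh
drwx------. alice  mygrp  unconfined_u:object_r:ssh_home_t:s0 /home/alice/.ssh
drwx------. bob    mygrp  unconfined_u:object_r:user_home_t:s0 /home/bob/.ssh
drwx------. 2 carol mygrp system_u:object_r:ssh_home_t:s0:c0.c1023 4096 Jan  5 10:32 /home/carol/.ssh'

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On a host, the same function can be fed from `ls -dZ /home/*/.ssh` to list home directories on the automounted filesystem that still need labeling.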
