I was unable to find a boolean for sshd_port_forward. Here are some of the avc logs: [2401301.025918] type=1401 audit(1429061322.478:1683): security_compute_sid: invalid context root:sysadm_r:sshd_t:s0-s0:c0.c1023 for scontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tcontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tclass=tcp_socket [2401301.026054] type=1401 audit(1429061322.478:1684): security_compute_sid: invalid context root:sysadm_r:sshd_t:s0-s0:c0.c1023 for scontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tcontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tclass=unix_dgram_socket [2401301.026176] type=1401 audit(1429061322.478:1685): security_compute_sid: invalid context root:sysadm_r:sshd_t:s0-s0:c0.c1023 for scontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tcontext=root:sysadm_r:sshd_t:s0-s0:c0.c1023 tclass=unix_dgram_socket I think we just need to add a boolean to a policy.
Your SSH daemon is running in the wrong role. It should be using system_r, not sysadm_r.
*** Bug 546646 has been marked as a duplicate of this bug. ***
we discussed this on IRC, the best way is to add the port with: semanage port --add -t ssh_port_t -p tcp 1243 Im closing this, re-open is there is anything else.