Changing the ssh port in sshd_config breaks ssh #1022

Open
3pns opened this issue Nov 13, 2021 · 1 comment

3pns commented Nov 13, 2021

Describe the bug
Modifying sshd config port config and rebooting Fedora CoreOS breaks the ssh service.

Reproduction steps
Steps to reproduce the behavior:

  1. Install Fedora CoreOS on DigitalOcean
  2. Edit the file /etc/ssh/sshd_config by modifying the Port to 2222
  3. Reboot the server

Expected behavior
2 possible correct behaviours

  • the file is not managed by the ignition / ign process and the OS reboots using the correct port
  • the file is managed by the ignition / ign process and it reverts the sshd_config to the Port defined by the config (something that was common with the original CoreOS)

In either possible acceptable behavior ssh should still be working and it should still be possible to ssh to the server, whether with the default port or new port

Actual behavior
The sshd service is broken and it is no longer possible to log in to the droplet. See below the extract from the error log when I try to log in through the VNC Client (which is not possible because there is no default password)

avc: denied { name_bind } for pid=3084="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass-tcp_socket permissive=0

System details

  • DigitalOcean using the Fedora CoreOS DigitalOcean image
  • Fedora CoreOS version 34.20211031.3.0

Ignition config

variant: fcos
version: 1.4.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - key1
        - key2
        - key3
        - key4
        - key5

Additional information
Add any other information about the problem here.

@3pns 3pns added the kind/bug label Nov 13, 2021
dustymabe (Member) commented

The problem here is SELinux needs to be told that the SSH port has been changed. Unfortunately it's not as easy as it should be to do that in FCOS right now. See context in #396 (comment) and a potential workaround in #396 (comment).
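
An added example, not part of the issue thread or the project's code: a Python parser for AVC denial records that picks out `name_bind` denials for the `sshd_t` domain and builds the `semanage port` command normally used to label a port as `ssh_port_t`. The sample log lines are constructed in the standard audit layout, and the availability of `semanage` on a given Fedora CoreOS host is an assumption (the comment above notes this step is not straightforward on FCOS).

```python
import re

# Constructed sample records in the standard audit AVC layout (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1636800000.123:456): avc:  denied  { name_bind } for  pid=3084 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1636800001.456:457): avc:  denied  { read } for  pid=3100 comm="cat" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1636800002.789:458): avc:  denied  { name_bind } for  pid=3200 comm="sshd" src=2200 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO_BY_CLASS = {"tcp_socket": "tcp", "udp_socket": "udp"}

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(ctx):
    """Extract the type from a user:role:type:level SELinux context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else None

def blocked_binds(log, domain="sshd_t"):
    """List ports that `domain` was denied permission to bind."""
    findings = []
    for line in log.splitlines():
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"]:
            continue
        if context_type(rec.get("scontext", "")) != domain:
            continue
        proto = PROTO_BY_CLASS.get(rec.get("tclass"))
        if proto is None or not rec.get("src", "").isdigit():
            continue
        findings.append({"port": int(rec["src"]), "proto": proto,
                         "port_type": context_type(rec.get("tcontext", "")),
                         # permissive=0 means the denial was enforced, not just logged
                         "enforced": rec.get("permissive") == "0"})
    return findings

def relabel_command(finding, wanted_type="ssh_port_t"):
    """Build the port-labeling command; assumes semanage is installed on the host."""
    return f"semanage port -a -t {wanted_type} -p {finding['proto']} {finding['port']}"

if __name__ == "__main__":
    for f in blocked_binds(SAMPLE_LOG):
        print(f, "->", relabel_command(f))
```

A record with `permissive=0`, as in the report above, means the bind was actually refused, so sshd cannot listen on the new port until the port carries a type that `sshd_t` is allowed to bind.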
