NetworkManager / OpenVPN Certificates

Daniel J Walsh dwalsh at redhat.com
Wed Dec 28 13:59:39 UTC 2011


On 12/25/2011 09:06 AM, Jeroen van Meeuwen (Kolab Systems) wrote:
> On 2011-12-25 13:51, Dominic Hopf wrote:
>> Hi Jeroen,
>> 
>> I'm not quite sure if I'm doing it right, but I have stored my
>> OpenVPN Client certificate in ~/.pki, it seems there is the only
>> place besides /etc/pki/ where it can have the proper SELinux
>> context (home_cert_t in this case) and looks like a sane location
>> to store a certificate also. :)
>> 
> 
> That could do the trick, and is not insensible indeed! Thanks for
> the pointer.
> 
> Merry Christmas,
> 
> Kind regards,
> 
> Jeroen van Meeuwen
> 

Proper labeling for certs in the homedir is set up for ~/.pki or ~/.cert.

grep home_cert_t /etc/selinux/targeted/modules/active/homedir_template
HOME_DIR/.kde/share/apps/networkmanagement/certificates(/.*)?	system_u:object_r:home_cert_t:s0
HOME_DIR/\.pki(/.*)?	system_u:object_r:home_cert_t:s0
HOME_DIR/\.cert(/.*)?	system_u:object_r:home_cert_t:s0

You might need to run restorecon on the directories after you create them.
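The labeling rules quoted in the message, as an added example that is not part of the original post: it takes the three home_cert_t entries from the grep output, expands HOME_DIR for a constructed user (/home/alice), and reports which certificate paths those entries cover. It assumes only these three entries apply (a real system consults the full file_contexts set), and all function names are hypothetical.

```python
import re

# Entries copied from the homedir_template grep output quoted in the message.
TEMPLATE = r"""
HOME_DIR/.kde/share/apps/networkmanagement/certificates(/.*)?  system_u:object_r:home_cert_t:s0
HOME_DIR/\.pki(/.*)?   system_u:object_r:home_cert_t:s0
HOME_DIR/\.cert(/.*)?  system_u:object_r:home_cert_t:s0
"""

def load_specs(template, home_dir):
    """Expand HOME_DIR and compile each path regex (hypothetical helper)."""
    specs = []
    for line in template.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        pattern = fields[0].replace("HOME_DIR", re.escape(home_dir))
        # The last field is the context; an optional file-type field may precede it.
        specs.append((re.compile(pattern), fields[-1]))
    return specs

def expected_context(path, specs):
    """Return the context of the first spec matching the whole path, else None."""
    for regex, context in specs:
        # File-context regexes are anchored at both ends, hence fullmatch().
        if regex.fullmatch(path):
            return context
    return None

def audit(paths, home_dir, template=TEMPLATE):
    """Map each path to True if these entries would label it home_cert_t."""
    specs = load_specs(template, home_dir)
    result = {}
    for path in paths:
        context = expected_context(path, specs)
        # A context reads user:role:type:level; the type is the third field.
        result[path] = context is not None and context.split(":")[2] == "home_cert_t"
    return result

if __name__ == "__main__":
    home = "/home/alice"  # constructed sample user, not from the message
    sample = [
        f"{home}/.pki/openvpn/client.crt",
        f"{home}/.cert/client.key",
        f"{home}/openvpn/client.crt",      # outside the labeled directories
        f"{home}/.pkiold/client.crt",      # similar name, but no entry matches
    ]
    for path, covered in audit(sample, home).items():
        print(f"{'home_cert_t' if covered else 'not covered':12} {path}")
```

On a live system, `matchpathcon` reports the label the loaded policy expects for a path, and `restorecon -Rv` applies it to files already on disk.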

