Re: Recommended types for special keys
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/03/2013 01:52 PM, m.roth(a)5-cent.us wrote:
Ok, small problem: where I work is a US federal gov't agency, and
we're
required to use data from our PIV cards (the same as US DoD CAC cards). We
store the user's public keys from those cards, so they are, in effect,
their ssh keys for going to other systems. Selinux complains about the
types. The sealert offers, among other obviously inappropriate types,
these: nx_server_home_ssh_t, etc_t, rssh_ro_t, ssh_home_t, cert_type,
home_root_t, sshd_t, selinux_login_config_t, ssh_home_t.
What *would* be an appropriate type?
mark
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I would like to see the AVCs. Is this sshd complaining about not being able
to read them? ssh_home_t would probably be the best type.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHWqZQACgkQrlYvE4MpobPBIwCdH0950iX1pTewznruUV4gJiTO
r34AoL3vFYjZiWlfktUU/PX2bmvUvf90
=XzB+
-----END PGP SIGNATURE-----