-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/25/2011 09:06 AM, Jeroen van Meeuwen (Kolab Systems) wrote:
On 2011-12-25 13:51, Dominic Hopf wrote:
> Hi Jeroen,
>
> I'm not quite sure if I'm doing it right, but I have stored my
> OpenVPN Client certificate in ~/.pki, it seems there is the only
> place besides /etc/pki/ where it can have the proper SELinux
> context (home_cert_t in this case) and looks like a sane location
> to store a certificate also. :)
>
That could do the trick, and is not insensible indeed! Thanks for
the pointer.
Merry Christmas,
Kind regards,
Jeroen van Meeuwen
Proper labeling for certs in the homedir is setup for ~/.pki or ~/.cert
grep home_cert_t /etc/selinux/targeted/modules/active/homedir_template
HOME_DIR/.kde/share/apps/networkmanagement/certificates(/.*)?
system_u:object_r:home_cert_t:s0
HOME_DIR/\.pki(/.*)? system_u:object_r:home_cert_t:s0
HOME_DIR/\.cert(/.*)? system_u:object_r:home_cert_t:s0
You might need to run restorecon 0n the directories after you create.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk77IMsACgkQrlYvE4MpobOBpgCeKEA4Y0ZEplq4VB/eppIdFq5+
b1gAn1ZmdcL86tPOtznFBXMvF6riMXDc
=KG22
-----END PGP SIGNATURE-----