Since I posted about a week and a half ago, I haven't seen any response. This is an example of what I think Dan was asking about. time->Thu Nov 1 16:00:01 2012 type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1351800001.262:133107): avc: denied { open } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file type=AVC msg=audit(1351800001.262:133107): avc: denied { read } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file And just to clarify, I believe what's doing this is that the webserver for svn is checking the user's smart card before allowing them to check files out. mark -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCT0D0ACgkQrlYvE4MpobMB8QCgv3fassTQ+4zckEGMT6sFEEgp GkcAoIN8KhZgbCr0AqIxC5SI9yQwxqQV =SGGe -----END PGP SIGNATURE-----