Recommended types for special keys

Douglas Brown d46.brown at student.qut.edu.au
Thu Jul 4 23:38:50 UTC 2013


On 4/07/13 3:52 AM, "m.roth at 5-cent.us" <m.roth at 5-cent.us> wrote:

>Ok, small problem: where I work is a US federal gov't agency, and we're
>required to use data from our PIV cards (the same as US DoD CAC cards). We
>store the user's public keys from those cards, so they are, in effect,
>their ssh keys for going to other systems. Selinux complains about the
>types. The sealert offers, among other obviously inappropriate types,
>these: nx_server_home_ssh_t, etc_t, rssh_ro_t, ssh_home_t, cert_type,
>home_root_t, sshd_t, selinux_login_config_t, ssh_home_t.

Could you please provide the relevant audit log messages? If not, at least
a little more information, mainly: source domain, target type and access
vector.

>What *would* be an appropriate type?

You can determine this with sesearch, provided you know the information
above.

    sesearch --allow --auditallow --target=type_t --class=class \
        --perm=perm1,perm2,perm3


If it comes back with nothing appropriate, you may need to write your own
policy defining the required types and allowed access vectors.

Cheers,
Doug
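
Added example, not part of Doug's message: a shell sketch that pulls the source domain, target type, class and permissions out of one AVC denial and prints the sesearch query from the reply with those values filled in. The sample audit line, the default_t label on the key file and the function names are constructed assumptions; the second printed query (searching by --source) is an assumed variant, not the form given above.

```shell
#!/bin/sh
# Constructed sample AVC denial (not from the thread); the default_t label
# on the stored key file is an assumption made for illustration.
SAMPLE_AVC='type=AVC msg=audit(1372981130.123:456): avc:  denied  { read open } for  pid=1234 comm="sshd" name="authorized_keys" dev="dm-0" ino=5678 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file'

# avc_field LINE KEY: print the value of " KEY=value" in the record.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# avc_type LINE scontext|tcontext: the type is the third colon-separated field.
avc_type() {
    avc_field "$1" "$2" | cut -d: -f3
}

# avc_perms LINE: permissions inside "{ ... }", joined with commas.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p' | tr ' ' ','
}

# avc_to_sesearch LINE: print sesearch queries built from the denial.
avc_to_sesearch() {
    line=$1
    case $line in
        *"avc:"*denied*) ;;
        *) echo "not an AVC denial" >&2; return 1 ;;
    esac
    src=$(avc_type "$line" scontext)
    tgt=$(avc_type "$line" tcontext)
    cls=$(avc_field "$line" tclass)
    perms=$(avc_perms "$line")
    if [ -z "$src" ] || [ -z "$tgt" ] || [ -z "$cls" ] || [ -z "$perms" ]; then
        echo "incomplete AVC record" >&2; return 1
    fi
    # Only identifier characters may reach the printed command line.
    case "$src$tgt$cls$perms" in
        *[!A-Za-z0-9_.,]*) echo "unexpected characters in record" >&2; return 1 ;;
    esac
    # Form given in the message: which rules allow this access to the target type.
    echo "sesearch --allow --auditallow --target=$tgt --class=$cls --perm=$perms"
    # Assumed variant: which target types the source domain may already access.
    echo "sesearch --allow --source=$src --class=$cls --perm=$perms"
}

avc_to_sesearch "$SAMPLE_AVC"
```

The script only prints the queries; run them on the host whose policy is being examined.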


