Recommended types for special keys
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 5 11:10:12 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/03/2013 01:52 PM, m.roth at 5-cent.us wrote:
> Ok, small problem: where I work is a US federal gov't agency, and we're
> required to use data from our PIV cards (the same as US DoD CAC cards). We
> store the user's public keys from those cards, so they are, in effect,
> their ssh keys for going to other systems. Selinux complains about the
> types. The sealert offers, among other obviously inappropriate types,
> these: nx_server_home_ssh_t, etc_t, rssh_ro_t, ssh_home_t, cert_type,
> home_root_t, sshd_t, selinux_login_config_t, ssh_home_t.
>
> What *would* be an appropriate type?
>
> mark
>
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
I would like to see the AVCs. Is this sshd complaining about not being able
to read them? ssh_home_t would probably be the best type.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHWqZQACgkQrlYvE4MpobPBIwCdH0950iX1pTewznruUV4gJiTO
r34AoL3vFYjZiWlfktUU/PX2bmvUvf90
=XzB+
-----END PGP SIGNATURE-----
More information about the selinux
mailing list