search for: cert_t

Displaying 2 results from an estimated 2 matches for "cert_t".

2016 Apr 26
1
username.pem
Hi, folks, Our system gets/creates /var/lib/ssh-x509-auth/<username>.pem, then deletes it when they log out. selinux (in permissive mode) complains. First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc. access on the directory. grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this:
    #============= sshd_t ==============
    allow sshd_t cert_t:dir write;
    allow sshd_t var_lib_t:file { write getattr create open ioctl };
So: first, is...
2006 Mar 08
1
Default SELinux policy on Fedora FC4 prevents dovecot service from starting
...won't start. In the audit log, I see this entry when I try to start the dovecot daemon.
    type=AVC msg=audit(1141464818.541:40305): avc: denied { read } for pid=1989 comm="dovecot" name=dovecot.pem dev=md2 ino=3646976 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:cert_t tclass=file
    type=PATH msg=audit(1141499436.214:3266533): item=0 name="/etc/pki/dovecot/dovecot.pem" inode=3646976 dev=09:02 mode=0100600 ouid=0 ogid=0 rdev=00:00
I put SELinux into permissive mode and Dovecot works OK. Looks like dovecot does not assume the correct security context when...