Displaying 2 results from an estimated 2 matches for "cert_t".
2016 Apr 26
1
username.pem
Hi, folks,
Our system gets/creates /var/lib/ssh-x509-auth/<username>.pem, then
deletes it when they log out. SELinux (in permissive mode) complains.
First, I changed the context to cert_t, and *now* it complains that
ksh93 wants write, etc. access on the directory. grep ssh-x509-auth
/var/log/audit/audit.log | audit2allow offers me this:
#============= sshd_t ==============
allow sshd_t cert_t:dir write;
allow sshd_t var_lib_t:file { write getattr create open ioctl };
So: first, is...
2006 Mar 08
1
Default SELinux policy on Fedora FC4 prevents dovecot service from starting
...won't start. In the audit log, I see this entry when I try to start the dovecot daemon.
type=AVC msg=audit(1141464818.541:40305): avc: denied { read } for pid=1989 comm="dovecot" name=dovecot.pem dev=md2 ino=3646976 scontext=system_u:system_r:dovecot_t tcontext=system_u:object_r:cert_t tclass=file
type=PATH msg=audit(1141499436.214:3266533): item=0 name="/etc/pki/dovecot/dovecot.pem" inode=3646976 dev=09:02 mode=0100600 ouid=0 ogid=0 rdev=00:00
I put SELinux into permissive mode and Dovecot works OK. Looks like dovecot does not assume the correct security context when...