search for: ssh_home_t

Displaying 10 results from an estimated 10 matches for "ssh_home_t".

2019 Jun 24
2
Dovecot replication and userdb "noreplicate".
...der selinux works, as long as you do it the way the policy > writer intended, see https://linux.die.net/man/8/dovecot_selinux > > Aki For replication over SSH I had to add the following module: module selinux-dovecot-replication-ssh 1.0; require { type ssh_exec_t; type ssh_home_t; type dovecot_t; class file { open read execute execute_no_trans }; class dir { getattr search }; } #============= dovecot_t ============== allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans }; allow dovecot_t ssh_home_t:dir { getattr search }; allow do...
2019 Aug 06
0
Dovecot replication and userdb "noreplicate".
...the policy >> writer intended, see https://linux.die.net/man/8/dovecot_selinux >> >> Aki > > For replication over SSH I had to add the following module: > > module selinux-dovecot-replication-ssh 1.0; > > require { > type ssh_exec_t; > type ssh_home_t; > type dovecot_t; > class file { open read execute execute_no_trans }; > class dir { getattr search }; > } > > #============= dovecot_t ============== > allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans }; > allow dovecot_t ssh_...
2019 Aug 06
2
Dovecot replication and userdb "noreplicate".
...https://linux.die.net/man/8/dovecot_selinux >>> >>> Aki >> >> For replication over SSH I had to add the following module: >> >> module selinux-dovecot-replication-ssh 1.0; >> >> require { >> type ssh_exec_t; >> type ssh_home_t; >> type dovecot_t; >> class file { open read execute execute_no_trans }; >> class dir { getattr search }; >> } >> >> #============= dovecot_t ============== >> allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans...
2019 Jun 22
2
Dovecot replication and userdb "noreplicate".
Hello! I finally took the time and spent two days to set up replication for my server and now I have a question or two. I initially set noreplicate userdb field to 1 for all but a test user, but I could still see in the logs that all mailboxes were trying to connect to the other server via SSH. Is that normal? Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: Remote
2015 May 08
2
Q: respecting .ssh/id_rsa
...ons complete in any case but I am perplexed >> as to what is the problem with the root identity key that ssh is >> reporting. >> >> Can anyone explain to me what this means? >> >> Also check that the selinux context on all files and directories are set to "ssh_home_t". From the home dir: #chcon -R -t ssh_home_t .ssh
2012 Jun 08
1
guestmount -i and xattrs
I tried to run chcon to set SELinux labels on a guestmounted dir and got: chcon: failed to change context of `authorized_keys' to `system_u:object_r:ssh_home_t:s0': Operation not supported I'm guessing that you need to pass 'seclabel' or 'user_xattr' or some such mount option to guestmount to support this. I notice you can pass such options through the -m option to guestmount, but not -i which we need to use. Is there a way to su...
2015 May 08
0
Q: respecting .ssh/id_rsa
...ns complete in any case but I am perplexed >> as to what is the problem with the root identity key that ssh is >> reporting. >> >> Can anyone explain to me what this means? >> >> Also check that the selinux context on all files and directories are set to "ssh_home_t". From the home dir: #chcon -R -t ssh_home_t .ssh _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
2015 May 08
4
Q: respecting .ssh/id_rsa
While attempting to debug something else I ran across this: ssh -vvv somehost . . . debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/identity-cert type -1 debug3: Not a RSA1 key file /root/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing
2016 Apr 06
1
CentOS 7, selinux issue
I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /var/lib/ssh-x509-auth as well as others related to find, cat, etc on .pem's in that directory. Is this a policy bug, or just no policy covering this? mark
2017 Sep 21
0
CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?
...16 07:25 smbldap-tools-0.9.11-6.el7.noarch.rpm -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 1077 Sep 21 09:37 specialaccounts.ldif -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 833 Sep 21 09:36 specialaccounts.ldif~ drwx------. 2 unconfined_u:object_r:ssh_home_t:s0 1000 1000 4096 Jan 10 2016 .ssh drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Templates -rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 777 Sep 20 10:32 test2user-complete.ldif -rw-rw-r--. 1 unconfined_u:object_r:home_root...