[DSE-User] Kerberos file contexts
Sol Jerome
sol.jerome at gmail.com
Sun May 20 22:19:53 UTC 2012
I read through the archives a bit, but was unable to see anything
mentioned about this.
I am wondering if there are any Kerberos-specific file contexts that
can be set for e.g. ~/.k5login files (a la
https://bugzilla.redhat.com/show_bug.cgi?id=501107). With the default
context, I'm receiving the following.
kernel: [476571.702223] type=1400 audit(1337525379.557:1063): avc:
denied { read } for pid=2974 comm="sshd" name=".k5login" dev=vda1
ino=391687 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
I am able to login without issue by changing to ssh_home_t (chcon -t
ssh_home_t /root/.k5login), but was just wondering if there is a
better way of solving this issue.
Thanks,
Sol
More information about the Selinux-user
mailing list