You can setup a custom SELinux module to enable access. We use the
following snippet to allow sshd to access authorized keys in home
directories on CephFS:
module local-ceph-ssh-auth 1.0;
require {
type cephfs_t;
type sshd_t;
class file { read getattr open };
}
#============= sshd_t ==============
allow sshd_t cephfs_t:file { read getattr open };
Compiling and persistently installing such a module is covered by
various documentation, such as:
https://wiki.centos.org/HowTos/SELinux#head-aa437f65e1c7873cddbafd9e9a73bbf9d102c072
(7.1. Manually Customizing Policy Modules). Also covered there is
using audit2allow to create your own module from SELinux audit logs.
thanks,
Ben
On Tue, Sep 17, 2019 at 9:22 AM Andrey Suharev <A.M.Suharev@xxxxxxxxxx> wrote:
>
> Hi all,
>
> I would like to have my home dir at cephfs and to keep selinux enabled
> at the same time.
>
> The trouble is selinux prevents sshd to access ~/.ssh/authorized_keys
> file. Any ideas how to fix it?
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
