You can setup a custom SELinux module to enable access. We use the following snippet to allow sshd to access authorized keys in home directories on CephFS: module local-ceph-ssh-auth 1.0; require { type cephfs_t; type sshd_t; class file { read getattr open }; } #============= sshd_t ============== allow sshd_t cephfs_t:file { read getattr open }; Compiling and persistently installing such a module is covered by various documentation, such as: https://wiki.centos.org/HowTos/SELinux#head-aa437f65e1c7873cddbafd9e9a73bbf9d102c072 (7.1. Manually Customizing Policy Modules). Also covered there is using audit2allow to create your own module from SELinux audit logs. thanks, Ben On Tue, Sep 17, 2019 at 9:22 AM Andrey Suharev <A.M.Suharev@xxxxxxxxxx> wrote: > > Hi all, > > I would like to have my home dir at cephfs and to keep selinux enabled > at the same time. > > The trouble is selinux prevents sshd to access ~/.ssh/authorized_keys > file. Any ideas how to fix it? > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx