-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/25/2011 09:06 AM, Jeroen van Meeuwen (Kolab Systems) wrote: > On 2011-12-25 13:51, Dominic Hopf wrote: >> Hi Jeroen, >> >> I'm not quite sure if I'm doing it right, but I have stored my >> OpenVPN Client certificate in ~/.pki, it seems there is the only >> place besides /etc/pki/ where it can have the proper SELinux >> context (home_cert_t in this case) and looks like a sane location >> to store a certificate also. :) >> > > That could do the trick, and is not insensible indeed! Thanks for > the pointer. > > Merry Christmas, > > Kind regards, > > Jeroen van Meeuwen > Proper labeling for certs in the homedir is setup for ~/.pki or ~/.cert grep home_cert_t /etc/selinux/targeted/modules/active/homedir_template HOME_DIR/.kde/share/apps/networkmanagement/certificates(/.*)? system_u:object_r:home_cert_t:s0 HOME_DIR/\.pki(/.*)? system_u:object_r:home_cert_t:s0 HOME_DIR/\.cert(/.*)? system_u:object_r:home_cert_t:s0 You might need to run restorecon 0n the directories after you create. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk77IMsACgkQrlYvE4MpobOBpgCeKEA4Y0ZEplq4VB/eppIdFq5+ b1gAn1ZmdcL86tPOtznFBXMvF6riMXDc =KG22 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux