> Also you should figure out what created this (was it some init script?).I am actually pretty sure it was created by either lsassd or maybe but
> It might be that some process was running in the init script domain due
> to a mislabeled executable file (ps auxZ | grep initrc_t)
less likely the lsassd init script (or the main likewise init script if
you do not have a separate lsassd init script). May also be a left over
from earlier before you applied the proper file contexts (that is
actually what i suspect)
Yes, it is created by lsassd, and I think it was leftover from before. The number in the filename is my uid - the files are owned by me. I logged out, I removed both files as root, and then when I next logged in as myself, a new file was created as such:
system_u:object_r:user_tmp_t:s0 krb5cc_1040237070_CeTgk16875
When I logged back out, it looks like it was renamed by lsassd:
system_u:object_r:lsassd_tmp_t:s0 krb5cc_1040237070
When I logged in again, a new file with a random string appended was created with user_tmp_t context. I repeated the whole experiment, and the file without the random string appended never re-appeared. So, I'm not entirely sure what it's doing (something with Kerberos tickets :) - it did grow in size when I SSHed to another box), but I haven't seen any AVC messages about it since that first time.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux