-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/03/2013 01:52 PM, m.roth@xxxxxxxxx wrote: > Ok, small problem: where I work is a US federal gov't agency, and we're > required to use data from our PIV cards (the same as US DoD CAC cards). We > store the user's public keys from those cards, so they are, in effect, > their ssh keys for going to other systems. Selinux complains about the > types. The sealert offers, among other obviously inappropriate types, > these: nx_server_home_ssh_t, etc_t, rssh_ro_t, ssh_home_t, cert_type, > home_root_t, sshd_t, selinux_login_config_t, ssh_home_t. > > What *would* be an appropriate type? > > mark > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > I would like to see the AVCs. Is this sshd complaining about not being able to read them? ssh_home_t would probably be the best type. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHWqZQACgkQrlYvE4MpobPBIwCdH0950iX1pTewznruUV4gJiTO r34AoL3vFYjZiWlfktUU/PX2bmvUvf90 =XzB+ -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
