Hi, under these circumstances: 1. Install google authenticator 2. setup the pam module for sudo-: auth required pam_google_authenticator.so user=root secret=/PATH_FOLDER/${USER} 3. run google-authenticator for ${USER} 4. cp or mv .google-authenticator file to /var/lib/google-authenticator/chira 5. run restorecon -rv on /var/lib/google-authenticator/ 6. reboot GA fails (without providing any errors to terminal) to ask for verification code and sudo doesnt execute. No AVC denials are provided either. However, i get an error message from journal: audit: type=1100 audit(1513091006.688:912): pid=10848 uid=1000 auid=1000 ses=2 subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="chira" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed' Dec 12 17:03:28 localhost.localdomain sudo(pam_google_authenticator)[10848]: Failed to read "/var/lib/google-authenticator/chira" for "chira" ... If i switch to unconfined_u, all goes smoothly as expected. im currently on fedora 27 workstation and selinux-policy-3.13.1-283.17.fc27.noarch. BR, Sindano _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx