Username.pem
Hi, folks,
Our system gets/creates /var/lib/ssh-x509-auth/
/var/log/audit/audit.log | audit2allow offers me this:
#============= sshd_t =============allow sshd_t cert_t:dir write;
allow sshd_t var_lib_t:file { write getattr create open ioctl };
So: first, is this an expected behavior; second, is that the correct fcontext, and, finally, is it safe for me to create this as a local policy?
Thanks in advance.
mark
One thought on - Username.pem
Best label available I can see is sshd_var_run_t. Not exactly named well but it would work.
chcon -R -t sshd_var_run_t /var/lib/ssh-x509-auth