Best label available I can see is sshd_var_run_t. Not exactly named well but it would work.

chcon -R -t sshd_var_run_t /var/lib/ssh-x509-auth

On 04/26/2016 11:31 AM, m.roth at 5-cent.us wrote:
> Hi, folks,
>
> Our system gets/creates /var/lib/ssh-x509-auth/<username>.pem, then
> deletes it when they log out. selinux (in permissive mode) complains.
> First, I changed the context to cert_t, and *now* it complains that
> ksh93 wants write, etc access on the directory. grep ssh-x509-auth
> /var/log/audit/audit.log | audit2allow offers me this:
> #============= sshd_t ==============
> allow sshd_t cert_t:dir write;
> allow sshd_t var_lib_t:file { write getattr create open ioctl };
>
> So: first, is this an expected behavior; second, is that the correct
> fcontext, and, finally, is it safe for me to create this as a local
> policy?
>
> Thanks in advance.
>
> mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
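Added example, not code from either message in the thread: a small Python reading of the audit2allow step mark describes, run over constructed AVC denial lines (the sample log, the GENERIC_TARGETS set and the relabel_suspects helper are assumptions of this example), aggregating the denials into the allow rules the tool would print and flagging the ones that point at a labeling fix rather than a local policy module.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials shaped like what `grep ssh-x509-auth /var/log/audit/audit.log`
# returns for the scenario in the thread; they are not lines quoted from the list.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1461684660.101:201): avc:  denied  { write } for  pid=2201 comm="sshd" name="ssh-x509-auth" dev="dm-0" ino=1311 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cert_t:s0 tclass=dir
type=AVC msg=audit(1461684660.102:202): avc:  denied  { create } for  pid=2201 comm="sshd" name="mark.pem" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1461684660.103:203): avc:  denied  { write open } for  pid=2201 comm="sshd" path="/var/lib/ssh-x509-auth/mark.pem" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1461684660.104:204): avc:  denied  { getattr ioctl } for  pid=2201 comm="sshd" path="/var/lib/ssh-x509-auth/mark.pem" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

# Permission set, then the three fields that decide which policy rule a denial maps to.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def _type_of(context):
    return context.split(":")[2]  # user:role:type[:range] -> type

def collect_denials(log_text):
    """Aggregate denied permissions per (source type, target type, object class)."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (_type_of(m["scon"]), _type_of(m["tcon"]), m["tclass"])
            denials[key].update(m["perms"].split())
    return denials

def allow_rules(denials):
    """Render the aggregated denials as audit2allow-style allow rules."""
    rules = []
    for (stype, ttype, tclass), perms in sorted(denials.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {body};")
    return rules

# var_lib_t is the default label under /var/lib; cert_t is meant for certificate stores.
# A write/create rule against either means the directory needs its own fcontext (the
# relabel suggested in the reply above), not a local policy module granting the access.
GENERIC_TARGETS = {"var_lib_t", "cert_t"}  # assumption of this example

def relabel_suspects(denials):
    """(target type, class) pairs where relabeling beats allowing the access."""
    return sorted({(t, c) for (_, t, c), perms in denials.items()
                   if t in GENERIC_TARGETS and perms & {"write", "create"}})
```

Note that chcon changes only the inode label; a semanage fcontext entry plus restorecon is what survives a relabel.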