[OpenAFS] SElinux and openafs
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 29 May 2006 13:02:17 -0400
On Saturday, May 27, 2006 11:31:51 PM -0500 Paul Johnson
<pauljohn32@gmail.com> wrote:
> I'm using the OpenAFS (1.4.1) PAM for authenticating users and on a
> new FC5 system, there are constant errors from SElinux claiming that
> /lib/security/pam_afs.so is doing something bad. i can paste in a
> full list of the warnings if you want to see them, but I expect every
> other FC5 user with SElinux turned on has found them.
>
> Can you tell me the magic words to make SElinux leave us alone with
> OpenAFS?
/etc/sysconfig/selinux:
SELINUX=disabled
It might be sufficient to set SELINUXTYPE=targeted, but since last I
checked that is the default, it's probably no longer sufficient.
The problem with SELinux is that introducing new system components requires
amending SELinux policy, which is somewhat vendor-specific.