[OpenAFS] SElinux and openafs

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 29 May 2006 13:02:17 -0400

On Saturday, May 27, 2006 11:31:51 PM -0500 Paul Johnson 
<pauljohn32@gmail.com> wrote:

> I'm using the OpenAFS (1.4.1) PAM for authenticating users and on a
> new FC5 system, there are constant errors from SElinux claiming that
> /lib/security/pam_afs.so is doing something bad.  i can paste in a
> full list of the warnings if you want to see them, but I expect every
> other FC5 user with SElinux turned on has found them.
> Can you tell me the magic words to make SElinux leave us alone with
> OpenAFS?


It might be sufficient to set SELINUXTYPE=targeted, but since last I 
checked that is the default, it's probably no longer sufficient.

The problem with SELinux is that introducing new system components requires 
amending SELinux policy, which is somewhat vendor-specific.