We use Yubikey for two-factor SSH authentication, which requires enabling a 
Boolean called "authlogin_yubikey". It had been working fine until a few weeks 
ago. Errors appear when attempting to set the policy:

--
[Cent-7:root@my_server home]# getsebool authlogin_yubikey
authlogin_yubikey --> off

[Cent-7:root@my_server home]# setsebool -P authlogin_yubikey on
libsepol.context_from_record: type gpio_device_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:gpio_device_t:s0 to sid
invalid context system_u:object_r:gpio_device_t:s0

[Cent-7:root@my_server home]# getsebool authlogin_yubikey
authlogin_yubikey --> on
---

The system accepts two-factor while the above is set to "on". After some 
undetermined time (or immediately after a reboot) the Boolean toggles off. This 
can be confirmed since semanage shows that the default is still set to "off":

--
[Cent-7:root@my_server ~]# semanage boolean -l | grep "authlogin_yubikey"
SELinux boolean                State  Default Description
...
authlogin_yubikey              (on   ,  off)  Allow authlogin to yubikey
--

It looks similar to the following bug on Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1559174
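A check for the symptom reported above, as an added example that is not part of the original post: it parses `semanage boolean -l` text and lists every boolean whose current state differs from the stored default, which is the condition under which the value is lost on reboot. The function names `bool_drift` and `sample_listing` and the sample listing itself are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect SELinux booleans whose
# runtime state differs from the persisted default, e.g. "(on   ,  off)".

# Reads text in `semanage boolean -l` format on stdin and prints
# "name runtime=<state> persistent=<default>" for each mismatch.
bool_drift() {
    awk '
        # Data lines look like: name  (state , default)  description
        # The header and blank lines have no "(on|off , on|off)" pair.
        match($0, /\([ ]*(on|off)[ ]*,[ ]*(on|off)[ ]*\)/) {
            name = $1
            # Strip the parentheses, then the padding around the comma.
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]/, "", pair)
            split(pair, v, ",")
            if (v[1] != v[2])
                printf "%s runtime=%s persistent=%s\n", name, v[1], v[2]
        }
    '
}

# Constructed sample listing; the authlogin_yubikey line matches the post.
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

authlogin_nsswitch_use_ldap    (off  ,  off)  Allow authlogin to nsswitch use ldap
authlogin_yubikey              (on   ,  off)  Allow authlogin to yubikey
httpd_can_network_connect      (on   ,   on)  Allow httpd to can network connect
EOF
}

# Demonstration on the constructed sample.
# On a live host, as root: semanage boolean -l | bool_drift
sample_listing | bool_drift
```

Any line it prints names a boolean whose `setsebool -P` commit did not reach the policy store, so the setting should be treated as temporary until the store is repaired.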