Yubico provides an easy to run YubiKey Manager (Ykman), packed as an AppImage. One can download that image by following the download URL provided at:
https://www.yubico.com/support/download/yubikey-manager/
To obtain and use Ykman as an AppImage, open a terminal window, use wget to download the AppImage file, and then set the right permissions (chmod) for executing it:
wget https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-linux.AppImage chmod 755 yubikey-manager-qt-latest-linux.AppImage ./yubikey-manager-qt-latest-linux.AppImage
It may sound easy and convenient. However, if you try running Ykman as an AppImage on Rocky Linux 9.4, the app won't start. This is due to the latest implemented SELinux policy.
To prevent that failure from happening, create a new file called ykman.avc and store inside the following content (as a single line):
type=AVC msg=audit(1717919286.134:498): avc: denied { execmod } for pid=17549 comm="ykman-gui" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=161080 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
Afterwards, compile a new module:
sudo audit2allow -M ykman < ykman.avc
and install it:
semodule -i ykman.pp
That should solve the issue.
0 comments:
Post a Comment