Here is the module that I used to allow saslauthd to work with kerberos5, allow access to the keytab and access to tmp_t so it can create cache files. Is there a better way to handle this other than giving it all these access rights to tmp_t?

module mysaslauthd 1.0.8;

require {
	class dir { search write add_name remove_name };
	class file { getattr lock read write create rename unlink };
	type krb5_keytab_t;
	type saslauthd_t;
	type tmp_t;
	role system_r;
};

allow saslauthd_t krb5_keytab_t:file read;
allow saslauthd_t krb5_keytab_t:file lock;
allow saslauthd_t tmp_t:dir search;
allow saslauthd_t tmp_t:file { getattr read write create rename unlink };
allow saslauthd_t tmp_t:dir { search write add_name remove_name };
Fixed in selinux-policy-2.4.6-42.fc6
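
A narrower alternative to the tmp_t file rules in the module posted above, as an added example that is not part of the original report and is not claimed to be the change shipped in the fixed package. It assumes the reference policy development macros are available; the module name mysaslauthd_tmp and the type mysaslauthd_tmp_t are hypothetical names chosen for illustration.

```selinux
# mysaslauthd_tmp.te - added example, built with the reference policy
# development Makefile (make -f /usr/share/selinux/devel/Makefile).
policy_module(mysaslauthd_tmp, 1.0.0)

gen_require(`
	type saslauthd_t;
')

# Hypothetical private type for the cache files saslauthd creates.
type mysaslauthd_tmp_t;
files_tmp_file(mysaslauthd_tmp_t)

# Type transition: files and directories that saslauthd creates inside a
# tmp_t directory are labelled mysaslauthd_tmp_t instead of tmp_t. The
# domain may still add and remove names in tmp_t directories, but it gets
# no read, write or unlink permission on other domains' tmp_t files.
files_tmp_filetrans(saslauthd_t, mysaslauthd_tmp_t, { file dir })

# Full management, limited to objects carrying the private type.
manage_dirs_pattern(saslauthd_t, mysaslauthd_tmp_t, mysaslauthd_tmp_t)
manage_files_pattern(saslauthd_t, mysaslauthd_tmp_t, mysaslauthd_tmp_t)

# Keytab read access through the kerberos interface rather than raw
# allow rules on krb5_keytab_t.
kerberos_read_keytab(saslauthd_t)
```

Cache files created before the module is loaded keep the tmp_t label, so they have to be removed or relabelled once before the generic tmp_t file rules are dropped.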