On 17.03.2004 20:31, Russell Coker wrote:
> On Thu, 18 Mar 2004 15:14, Aleksey Nogin <aleksey@xxxxxxxxx> wrote:
> > If I want syslogd to log to a tty, what is the "proper" way of allowing it?
> > Should I augment the local file contexts to set /dev/tty10 to be var_log_t? Or should I augment the local policies to allow syslogd_t processes more access? Or should I do something else?
>
> allow syslogd_t tty_device_t:chr_file { getattr write };
>
> Should hopefully do it.
Thanks!
But what I am seeing (before any mods) is
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
and I am not sure whether giving ioctl access is reasonable or too much.
--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin@xxxxxxxxxxxxxx (office), aleksey@xxxxxxxxx (personal)
Office: Jorgensen 70, tel: (626) 395-2907
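
An added example, not part of the thread: a small audit2allow-style script that turns the two AVC denials quoted above into the narrowest matching allow rule and compares it with the rule suggested in the reply. The function names are hypothetical; the log lines and the rule are copied from the message.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, copied verbatim.
SAMPLE_LOG = """\
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
"""
PROPOSED = "allow syslogd_t tty_device_t:chr_file { getattr write };"

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?"
                    r"\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
ALLOW_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;")

def sel_type(context):
    return context.split(":")[2]  # user:role:type[:level] -> type

def denied_perms(log):
    """Map (source type, target type, class) -> set of denied permissions."""
    out = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:
            perms, scon, tcon, tclass = m.groups()
            out[(sel_type(scon), sel_type(tcon), tclass)].update(perms.split())
    return dict(out)

def parse_allow(rule):
    """Parse one allow rule into ((source, target, class), permission set)."""
    m = ALLOW_RE.search(rule)
    if not m:
        raise ValueError("not an allow rule: %r" % rule)
    src, tgt, cls, braced, single = m.groups()
    return (src, tgt, cls), set((braced or single).split())

def to_rules(denials):
    """Emit one allow rule per key, listing only the permissions denied."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(denials.items())]

def compare(log, rule):
    """Return (denied but not granted, granted but never denied in the log)."""
    key, granted = parse_allow(rule)
    denied = denied_perms(log).get(key, set())
    return denied - granted, granted - denied

if __name__ == "__main__":
    print("\n".join(to_rules(denied_perms(SAMPLE_LOG))))
    print(compare(SAMPLE_LOG, PROPOSED))
```

For the lines above, the denied permissions are `append` and `ioctl`, while the suggested rule grants `getattr` and `write`, so the two sets do not overlap.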