On Thu, 18 Mar 2004 16:07, Aleksey Nogin <aleksey@xxxxxxxxx> wrote:
> > allow syslogd_t tty_device_t:chr_file { getattr write };
> >
> > Should hopefully do it.
>
> Thanks!
>
> But what I am seeing (before any mods) is
>
> Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied {
> append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363
> scontext=system_u:system_r:syslogd_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
> Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied {
> ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2
> ino=2688363 scontext=system_u:system_r:syslogd_t
> tcontext=system_u:object_r:tty_device_t tclass=chr_file
>
> and I am not sure whether giving ioctl access is a reasonable or too much.
OK, give it { append getattr ioctl } then.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
