Re: pam_console_t wants access to device_t:chr_file ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/29/06, Tomas Mraz <tmraz@xxxxxxxxxx> wrote:

On Thu, 2006-06-29 at 06:52 -0700, Tom London wrote:
> Running targeted/enforcing, latest Rawhide.
>
> Noticed this in /var/log/messages, before auditd is started I guess:
>
> Jun 29 06:43:48 localhost kernel: audit(1151588567.562:102): avc:
> denied  { getattr } for  pid=1526 comm="pam_console_app"
> name="usbdev5.5_ep02" dev=tmpfs ino=5143
> scontext=system_u:system_r:pam_console_t:s0
> tcontext=system_u:object_r:device_t:s0 tclass=chr_file

pam_console_apply must be able to get and set attributes (ownership and
mode) on all device nodes which should be accessible by console user.
--
Tomas Mraz <tmraz@xxxxxxxxxx>


Should pam_console_apply have access to all 'device_t' or are new
'device types' for the 'pam-controlled' ones appropriate?

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux