On 09/01/2011 12:45 PM, Dominick Grift wrote:
> On Thu, 2011-09-01 at 07:49 -0400, jeremymiller@xxxxxxx wrote:
>> When I boot my box to single user mode I get this error when
>> sulogin tries to run.
>>
>> type=1400 audit(1296260632.174:5): avc: denied { write } for
>> pid=1544 comm="sulogin" path="/dev/pts/0" dev=devpts ino=3
>> scontext=system_u:system_r:sulogin_t:s0
>> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>>
>> Because of the policy denying the write to /dev/pts/0 I don't get
>> the normal prompt:
>>
>> Give root password for maintenance (or type Control-D to
>> continue):
>>
>> Any ideas if this is expected? I cannot replicate it once I'm in
>> run-level 3.
>>
>> # sestatus
>> SELinux status:                 enabled
>> SELinuxfs mount:                /selinux
>> Current mode:                   enforcing
>> Mode from config file:          enforcing
>> Policy version:                 24
>> Policy from config file:        targeted
>>
>> # ls -ldZ /dev/pts
>> drwxr-xr-x. root root system_u:object_r:devpts_t:s0 /dev/pts
>>
>> Red Hat Enterprise Linux Server release 6.1 (Santiago
>
> I do not think that this pty is labelled properly?
>
> I have not tried it since el6.0, but i have this patch:
>
> policy_module(mysulogin, 1.0.0)
>
> optional_policy(`
>     gen_require(`
>         type sulogin_t;
>     ')
>
>     allow sulogin_t self:capability dac_override;
>     kernel_read_crypto_sysctls(sulogin_t)
>     files_search_pids(sulogin_t)
> ')
>
> Which *seems* to have fixed any sulogin issues for me.
>
> I should try it again some time soon..
>
>> -- JM
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux

Please open a bug with RHEL6.