Syslog to /dev/tty10
Aleksey Nogin
aleksey at nogin.org
Thu Mar 18 05:07:32 UTC 2004
On 17.03.2004 20:31, Russell Coker wrote:
> On Thu, 18 Mar 2004 15:14, Aleksey Nogin <aleksey at nogin.org> wrote:
>
>>If I want syslogd to log to a tty, what is the "proper" way of allowing it?
>>
>>Should I augment the local file contexts to set /dev/tty10 to be
>>var_log_t? Or should I augment the local policies to allow syslogd_t
>>processes more access? Or should I do something else?
>
>
> allow syslogd_t tty_device_t:chr_file { getattr write };
>
> Should hopefully do it.
Thanks!
But what I am seeing (before any mods) is
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied {
append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied {
ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2
ino=2688363 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file
and I am not sure whether giving ioctl access is reasonable or too much.
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
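
The comparison discussed in this message, as an added example that is not part of the original post: it parses the two AVC denials quoted above and checks them, by literal permission name, against the rule proposed in the quoted reply. The function names and the unwrapped sample log are assumptions made for the illustration; the candidate rule it prints is input for review, not a recommendation.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the message, unwrapped to one line each.
SAMPLE_LOG = (
    "Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { append } "
    "for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363 "
    "scontext=system_u:system_r:syslogd_t "
    "tcontext=system_u:object_r:tty_device_t tclass=chr_file\n"
    "Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { ioctl } "
    "for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2 ino=2688363 "
    "scontext=system_u:system_r:syslogd_t "
    "tcontext=system_u:object_r:tty_device_t tclass=chr_file\n"
)
# The rule proposed in the quoted reply.
SUGGESTED_RULE = "allow syslogd_t tty_device_t:chr_file { getattr write };"

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
                    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)")
RULE_RE = re.compile(r"allow\s+(?P<s>\w+)\s+(?P<t>\w+):(?P<c>\w+)\s+"
                     r"\{?(?P<perms>[\w\s]+?)\}?\s*;")

def denied_perms(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denied = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        # The type is the third field of a user:role:type context.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["c"])
        denied[key].update(m["perms"].split())
    return dict(denied)

def uncovered(log_text, rule):
    """Denied permissions whose names the given allow rule does not list."""
    m = RULE_RE.search(rule)
    if m is None:
        raise ValueError("not an allow rule: %r" % rule)
    rule_key, granted = (m["s"], m["t"], m["c"]), set(m["perms"].split())
    left = {}
    for key, perms in denied_perms(log_text).items():
        missing = perms - granted if key == rule_key else perms
        if missing:
            left[key] = missing
    return left

def candidate_rules(log_text):
    """One allow rule per (source, target, class) listing exactly what was denied."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(denied_perms(log_text).items())]
```
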