SELinux prevented dbus-daemon from using the terminal /dev/tty1
Antonio Olivares
olivares14031 at yahoo.com
Wed Feb 27 19:46:20 UTC 2008
Summary:
SELinux prevented dbus-daemon from using the terminal
/dev/tty1.
Detailed Description:
SELinux prevented dbus-daemon from using the terminal
/dev/tty1. In most cases
daemons do not need to interact with the terminal,
usually these avc messages
can be ignored. All of the confined daemons should
have dontaudit rules around
using the terminal. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this selinux-policy.
If you would like to allow all daemons to interact
with the terminal, you can
turn on the allow_daemons_use_tty boolean.
Allowing Access:
Changing the "allow_daemons_use_tty" boolean to true
will allow this access:
"setsebool -P allow_daemons_use_tty=1."
Fix Command:
setsebool -P allow_daemons_use_tty=1
Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_dbusd_t
:SystemLow-SystemHigh
Target Context
unconfined_u:object_r:unconfined_tty_device_t
Target Objects /dev/tty1 [ chr_file ]
Source dbus-daemon
Source Path /bin/dbus-daemon
Port <Unknown>
Host localhost
Source RPM Packages dbus-1.1.4-6.fc9
Target RPM Packages
Policy RPM
selinux-policy-3.3.1-4.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_daemons_use_tty
Host Name localhost
Platform Linux localhost
2.6.25-0.69.rc3.git1.fc9 #1 SMP
Tue Feb 26 16:12:54 EST
2008 i686 athlon
Alert Count 6
First Seen Fri 01 Feb 2008 05:06:20
PM CST
Last Seen Wed 27 Feb 2008 01:01:38
PM CST
Local ID
c0a79310-b4d4-41fc-a712-a4db505290d5
Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1204138898.740:24):
avc: denied { read write } for pid=2845
comm="dbus-daemon" path="/dev/tty1" dev=tmpfs ino=1858
scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0
tclass=chr_file
host=localhost type=SYSCALL
msg=audit(1204138898.740:24): arch=40000003 syscall=11
success=yes exit=0 a0=804c907 a1=bfd1f04c a2=bfd20474
a3=7 items=0 ppid=2844 pid=2845 auid=500 uid=500
gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
fsgid=500 tty=(none) ses=1 comm="dbus-daemon"
exe="/bin/dbus-daemon"
subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
key=(null)
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-selinux-list
mailing list