SELinux prevented dbus-daemon from using the terminal /dev/tty1

Antonio Olivares olivares14031 at yahoo.com
Wed Feb 27 19:46:20 UTC 2008



Summary:

SELinux prevented dbus-daemon from using the terminal /dev/tty1.

Detailed Description:

SELinux prevented dbus-daemon from using the terminal /dev/tty1. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy.
If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1."

Fix Command:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_dbusd_t:SystemLow-SystemHigh
Target Context                unconfined_u:object_r:unconfined_tty_device_t
Target Objects                /dev/tty1 [ chr_file ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          localhost
Source RPM Packages           dbus-1.1.4-6.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-4.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_daemons_use_tty
Host Name                     localhost
Platform                      Linux localhost 2.6.25-0.69.rc3.git1.fc9 #1 SMP Tue Feb 26 16:12:54 EST 2008 i686 athlon
Alert Count                   6
First Seen                    Fri 01 Feb 2008 05:06:20 PM CST
Last Seen                     Wed 27 Feb 2008 01:01:38 PM CST
Local ID                      c0a79310-b4d4-41fc-a712-a4db505290d5
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC msg=audit(1204138898.740:24): avc:  denied  { read write } for  pid=2845 comm="dbus-daemon" path="/dev/tty1" dev=tmpfs ino=1858 scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0 tclass=chr_file

host=localhost type=SYSCALL msg=audit(1204138898.740:24): arch=40000003 syscall=11 success=yes exit=0 a0=804c907 a1=bfd1f04c a2=bfd20474 a3=7 items=0 ppid=2844 pid=2845 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 key=(null)









More information about the fedora-test-list mailing list