SELinux prevented dbus-daemon from using the terminal /dev/tty1.

Daniel J Walsh dwalsh at redhat.com
Tue Mar 4 15:10:36 UTC 2008


Antonio Olivares wrote:
> At one point, these were cured and now they reappear. 
> How can I make them go away for good?
> 
> Thanks,
> 
> Antonio 
> 
> Summary:
> 
> SELinux prevented dbus-daemon from using the terminal /dev/tty1.
> 
> Detailed Description:
> 
> SELinux prevented dbus-daemon from using the terminal /dev/tty1. In most cases
> daemons do not need to interact with the terminal, usually these avc messages
> can be ignored. All of the confined daemons should have dontaudit rules around
> using the terminal. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy.
> If you would like to allow all daemons to interact with the terminal, you can
> turn on the allow_daemons_use_tty boolean.
> 
> Allowing Access:
> 
> Changing the "allow_daemons_use_tty" boolean to true will allow this access:
> "setsebool -P allow_daemons_use_tty=1."
> 
> Fix Command:
> 
> setsebool -P allow_daemons_use_tty=1
> 
> Additional Information:
> 
> Source Context                unconfined_u:unconfined_r:unconfined_dbusd_t:SystemLow-SystemHigh
> Target Context                unconfined_u:object_r:unconfined_tty_device_t
> Target Objects                /dev/tty1 [ chr_file ]
> Source                        dbus-daemon
> Source Path                   /bin/dbus-daemon
> Port                          <Unknown>
> Host                          localhost
> Source RPM Packages           dbus-1.1.20-1.fc9
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.3.1-9.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   allow_daemons_use_tty
> Host Name                     localhost
> Platform                      Linux localhost 2.6.25-0.80.rc3.git2.fc9 #1 SMP Fri Feb 29 18:17:34 EST 2008 i686 athlon
> Alert Count                   14
> First Seen                    Fri 01 Feb 2008 05:06:20 PM CST
> Last Seen                     Mon 03 Mar 2008 03:57:07 PM CST
> Local ID                      c0a79310-b4d4-41fc-a712-a4db505290d5
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> host=localhost type=AVC msg=audit(1204581427.951:2778): avc:  denied  { read write } for  pid=1306 comm="dbus-daemon" path="/dev/tty1" dev=tmpfs ino=1857 scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0 tclass=chr_file
> 
> host=localhost type=SYSCALL msg=audit(1204581427.951:2778): arch=40000003 syscall=11 success=yes exit=0 a0=804c908 a1=bf92fc8c a2=bf9310b4 a3=7 items=0 ppid=1305 pid=1306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 key=(null)
> 
This can be ignored.  Did you restart the dbus daemon from a terminal shell?
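
Added example, not part of either message above: Python code that pairs the AVC record from the quoted report with its SYSCALL record by audit event serial. It shows the denial was logged during a successful execve (syscall 11 on arch 40000003, i386), which is the pattern a terminal descriptor inherited from a launching shell produces; the `inherited_tty_likely` heuristic and the one-entry syscall table are assumptions of this example.

```python
import re

# The two raw audit records from the report above, rejoined onto single lines.
SAMPLE = """\
host=localhost type=AVC msg=audit(1204581427.951:2778): avc:  denied  { read write } for  pid=1306 comm="dbus-daemon" path="/dev/tty1" dev=tmpfs ino=1857 scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0 tclass=chr_file
host=localhost type=SYSCALL msg=audit(1204581427.951:2778): arch=40000003 syscall=11 success=yes exit=0 a0=804c908 a1=bf92fc8c a2=bf9310b4 a3=7 items=0 ppid=1305 pid=1306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
# (arch, syscall number) -> name; only the pair seen here. 40000003 is AUDIT_ARCH_I386.
SYSCALLS = {("40000003", "11"): "execve"}

def parse_events(text):
    """Group audit records by event serial so an AVC can be read with its SYSCALL."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, _ts, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    name = SYSCALLS.get((sc.get("arch"), sc.get("syscall")), "unknown")
    return {
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"], "perms": avc["perms"], "path": avc.get("path"),
        "syscall": name, "syscall_succeeded": sc.get("success") == "yes",
        # Assumed heuristic: a terminal denial logged during an exec that still
        # succeeded points at an inherited descriptor, not at a failed open().
        "inherited_tty_likely": avc["tclass"] == "chr_file" and name == "execve"
                                 and sc.get("success") == "yes",
    }

if __name__ == "__main__":
    for serial, ev in parse_events(SAMPLE).items():
        print(serial, summarize(ev))
```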