[redhat-lspp] mls constraint issue in the java_t domain

Klaus Weidner klaus at atsec.com
Tue May 29 21:46:59 UTC 2007


On Tue, May 29, 2007 at 02:25:10PM -0400, Stephen Smalley wrote:
> On Fri, 2007-05-25 at 17:26 -0700, Clarkson, Mike R (US SSA) wrote:
> > I've got the following AVC denial message that I can't get past:
> > 
> > type=AVC msg=audit(1180136666.749:225351): avc:  denied  { write } for
> > pid=6603 comm="java" name="3" dev=devpts ino=5
> > scontext=m252_u:system_r:java_t:s15:c0.c255
> > tcontext=m252_u:object_r:devpts_t:s0 tclass=chr_file
[...]
> > Any ideas for what I need to do to get past this AVC denial?
> 
> Use newrole -l, and it will relabel the pty for you.

If "newrole -l" doesn't work for you and it complains about an insecure
terminal, you can make that work (for demo purposes) by adding the type
of your terminal (as shown by "ls -lZ `tty`") to the
/etc/selinux/mls/contexts/securetty_types file.

-Klaus
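
Added example (not part of the original thread): a small Python parser that reads the AVC record quoted above and compares the MLS levels of scontext and tcontext. It shows that the denied write is from a process at s15:c0.c255 to a pty at s0. The function names are hypothetical, and the level a relabeled pty would receive is an assumption made for the test.

```python
import re

# AVC record from the post above, joined onto one line.
AVC = ('type=AVC msg=audit(1180136666.749:225351): avc:  denied  { write } for '
       'pid=6603 comm="java" name="3" dev=devpts ino=5 '
       'scontext=m252_u:system_r:java_t:s15:c0.c255 '
       'tcontext=m252_u:object_r:devpts_t:s0 tclass=chr_file')

def parse_level(level):
    """'s15:c0.c255' -> (15, frozenset(0..255)); 's0' -> (0, frozenset())."""
    sens, _, cats = level.partition(":")
    members = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")   # 'c0.c255' is a range, 'c3' a single category
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        members.update(range(lo_n, hi_n + 1))
    return int(sens[1:]), frozenset(members)

def low_level(context):
    """Low (effective) level of a 'user:role:type:low[-high]' context."""
    mls = context.split(":", 3)[3]        # the level itself may contain ':'
    return parse_level(mls.split("-")[0])

def dominates(a, b):
    """True if level a has sensitivity >= b and a superset of b's categories."""
    return a[0] >= b[0] and a[1] >= b[1]

def classify(record):
    """Extract the fields of one AVC record and relate subject to object level."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    perms = re.search(r"\{([^}]*)\}", record).group(1).split()
    subj, obj = low_level(fields["scontext"]), low_level(fields["tcontext"])
    if subj == obj:
        relation = "equal"
    elif dominates(subj, obj):
        relation = "subject-dominates"    # a write in this direction is a write-down
    elif dominates(obj, subj):
        relation = "object-dominates"
    else:
        relation = "incomparable"
    return {"perms": perms, "tclass": fields["tclass"],
            "subject": subj, "object": obj, "relation": relation}

if __name__ == "__main__":
    print(classify(AVC))
```
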



