[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: AVC messages at boot and kdm login (latest Rawhide)

From: Bill Nottingham <notting redhat com>
To: fedora-selinux-list redhat com
Cc: Aleksey Nogin <aleksey nogin org>
Subject: Re: AVC messages at boot and kdm login (latest Rawhide)
Date: Thu, 11 Mar 2004 11:17:49 -0500

Russell Coker (russell coker com au) said: 
> > Mar 11 04:19:53 dell kernel: audit(1079007592.976:0): avc:  denied  {
> > read write } for  pid=1665 exe=/usr/sbin/gpm name=event0 dev=hda2
> > ino=4219044 scontext=system_u:system_r:gpm_t
> > tcontext=system_u:object_r:device_t tclass=chr_file
> > Mar 11 04:19:53 dell kernel: audit(1079007592.976:0): avc:  denied  {
> > ioctl } for  pid=1665 exe=/usr/sbin/gpm path=/dev/input/event0 dev=hda2
> > ino=4219044 scontext=system_u:system_r:gpm_t
> > tcontext=system_u:object_r:device_t tclass=chr_file
> 
> How does /dev/input really work?  As I understand it event0 could be a 
> keyboard or a mouse.  So maybe we want a separate type for this so that when 
> using gpm it can access it, but when the user is granted direct mouse access 
> they can't read the keyboard directly.
> 
> Does this make sense?

X will need access to eventX as well.

Bill

Follow-Ups:
- Re: AVC messages at boot and kdm login (latest Rawhide)
  - From: Paul Nasrat

References:
- AVC messages at boot and kdm login (latest Rawhide)
  - From: Aleksey Nogin
- Re: AVC messages at boot and kdm login (latest Rawhide)
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]