SELinux prevented dbus-daemon from using the terminal /dev/tty1.

Antonio Olivares olivares14031 at yahoo.com
Mon Mar 3 22:03:12 UTC 2008 

At one point, these were cured and now they reappear. 
How can I make them go away for good?

Thanks,

Antonio 

Summary:

SELinux prevented dbus-daemon from using the terminal
/dev/tty1.

Detailed Description:

SELinux prevented dbus-daemon from using the terminal
/dev/tty1. In most cases
daemons do not need to interact with the terminal,
usually these avc messages
can be ignored. All of the confined daemons should
have dontaudit rules around
using the terminal. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this selinux-policy.
If you would like to allow all daemons to interact
with the terminal, you can
turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true
will allow this access:
"setsebool -P allow_daemons_use_tty=1."

Fix Command:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context               
unconfined_u:unconfined_r:unconfined_dbusd_t
                              :SystemLow-SystemHigh
Target Context               
unconfined_u:object_r:unconfined_tty_device_t
Target Objects                /dev/tty1 [ chr_file ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          localhost
Source RPM Packages           dbus-1.1.20-1.fc9
Target RPM Packages           
Policy RPM                   
selinux-policy-3.3.1-9.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_daemons_use_tty
Host Name                     localhost
Platform                      Linux localhost
2.6.25-0.80.rc3.git2.fc9 #1 SMP
                              Fri Feb 29 18:17:34 EST
2008 i686 athlon
Alert Count                   14
First Seen                    Fri 01 Feb 2008 05:06:20
PM CST
Last Seen                     Mon 03 Mar 2008 03:57:07
PM CST
Local ID                     
c0a79310-b4d4-41fc-a712-a4db505290d5
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC
msg=audit(1204581427.951:2778): avc:  denied  { read
write } for  pid=1306 comm="dbus-daemon"
path="/dev/tty1" dev=tmpfs ino=1857
scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0
tclass=chr_file

host=localhost type=SYSCALL
msg=audit(1204581427.951:2778): arch=40000003
syscall=11 success=yes exit=0 a0=804c908 a1=bf92fc8c
a2=bf9310b4 a3=7 items=0 ppid=1305 pid=1306 auid=500
uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon"
exe="/bin/dbus-daemon"
subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
key=(null)





      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

More information about the fedora-test-list mailing list