On Jun 26, 2006, at 6:18 PM, Valdis Kletnieks vt edu wrote:
On Mon, 26 Jun 2006 16:37:21 CDT, you said:I would like to set a virtual terminal to be 'Secret-Secret'. I tried editing /etc/inittab 3:2345:respawn:runcon "system_u:system_r:getty_t:Secret-Secret" -- / sbin/mingetty tty3Out of curiosity, if it's confined to 'Secret only', is it able to open the mingetty binary? What, if any, avc's get generated when you try this?
None that appear related. Jun 26 18:20:54 cipso init: Re-reading inittabJun 26 18:21:16 cipso kernel: audit(1151364076.250:198): avc: denied { getattr } for pid=4226 comm="login" name="polyinstantiated" dev=dm-0 ino=36864115 scontext=system_u:system_r:local_login_t:s2 tcontext=user_u:object_r:user_t:s0 tclass=dir Jun 26 18:21:16 cipso kernel: audit(1151364076.286:199): avc: denied { search } for pid=4226 comm="login" name="polyinstantiated" dev=dm-0 ino=36864115 scontext=system_u:system_r:local_login_t:s2 tcontext=user_u:object_r:user_t:s0 tclass=dir Jun 26 18:21:16 cipso kernel: audit(1151364076.286:200): avc: denied { mounton } for pid=4226 comm="login" name="polyinstantiated" dev=dm-0 ino=36864115 scontext=system_u:system_r:local_login_t:s2 tcontext=user_u:object_r:user_t:s0 tclass=dir
joe