selinux denies X, but can get in via permissive mode
Antonio Olivares
olivares14031 at yahoo.com
Wed Apr 16 23:54:17 UTC 2008
Dear all,

*** Fedora 7 ==> Fedora rawhide machine.

Booting with the enforcing=0 parameter. Could not su - before, but with enforcing=0 can now. The following warning comes up.

How can I fix this to boot normally?

Thanks,

Antonio

Summary:

SELinux prevented X from using the terminal /dev/tty7.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

SELinux prevented X from using the terminal /dev/tty7. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1."

Fix Command:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:tty_device_t
Target Objects                /dev/tty7 [ chr_file ]
Source                        X
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           xorg-x11-server-Xorg-1.4.99.901-21.20080407.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-33.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   allow_daemons_use_tty
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25-0.218.rc8.git7.fc9.i686 #1 SMP Wed Apr 9 20:35:56 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 16 Apr 2008 06:51:08 PM CDT
Last Seen                     Wed 16 Apr 2008 06:51:08 PM CDT
Local ID                      08f38222-ea43-4584-b095-04504b198679
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1208389868.367:37): avc: denied { ioctl } for pid=2431 comm="X" path="/dev/tty7" dev=tmpfs ino=237 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file

host=localhost.localdomain type=SYSCALL msg=audit(1208389868.367:37): arch=40000003 syscall=54 success=yes exit=0 a0=7 a1=4b30 a2=640ba6 a3=51eb851f items=0 ppid=2430 pid=2431 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=tty7 ses=1 comm="X" exe="/usr/bin/Xorg" subj=user_u:user_r:user_t:s0 key=(null)
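
Added example, not part of the original message or of setroubleshoot: a Python sketch that parses the two raw audit records quoted above, pairs the AVC record with the SYSCALL record of the same audit event, and reports whether the denial was actually enforced. The function names are hypothetical; it goes slightly beyond these records by also honouring the permissive= field that newer kernels add to AVC records, and otherwise infers enforcement from the syscall's success= field.

```python
import re
from collections import defaultdict

# The two records from the message above, re-joined onto one line each.
RAW = [
    'host=localhost.localdomain type=AVC msg=audit(1208389868.367:37): avc: denied '
    '{ ioctl } for pid=2431 comm="X" path="/dev/tty7" dev=tmpfs ino=237 '
    'scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:tty_device_t:s0 '
    'tclass=chr_file',
    'host=localhost.localdomain type=SYSCALL msg=audit(1208389868.367:37): '
    'arch=40000003 syscall=54 success=yes exit=0 a0=7 a1=4b30 a2=640ba6 a3=51eb851f '
    'items=0 ppid=2430 pid=2431 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 '
    'egid=500 sgid=500 fsgid=500 tty=tty7 ses=1 comm="X" exe="/usr/bin/Xorg" '
    'subj=user_u:user_r:user_t:s0 key=(null)',
]

EVENT = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")          # timestamp:serial
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')                   # key=value or key="v"
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")   # result and permissions

def parse_record(line):
    # Split one audit record into a dict of its fields plus the event ID.
    event = EVENT.search(line)
    if event is None:
        raise ValueError("not an audit record: %r" % line[:40])
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["event"] = event.group(1)
    avc = AVC.search(line)
    if avc:
        rec["result"], rec["perms"] = avc.group(1), avc.group(2).split()
    return rec

def summarize(lines):
    # Records sharing an event ID describe the same kernel operation.
    events = defaultdict(dict)
    for rec in map(parse_record, lines):
        events[rec["event"]][rec["type"]] = rec
    out = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or avc.get("result") != "denied":
            continue
        # blocked is None when neither field is present to decide it.
        blocked = (avc["permissive"] == "0" if "permissive" in avc
                   else {"yes": False, "no": True}.get(sc.get("success")))
        out.append({"event": event_id, "exe": sc.get("exe", avc.get("comm")),
                    "source_type": avc["scontext"].split(":")[2],
                    "target_type": avc["tcontext"].split(":")[2],
                    "tclass": avc["tclass"], "perms": avc["perms"],
                    "path": avc.get("path"), "blocked": blocked})
    return out
```

For the records above, summarize(RAW) yields one denial (user_t requesting ioctl on a tty_device_t chr_file) with blocked set to False, matching the report's note that the operation was permitted due to permissive mode.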