SELinux prevented dbus-daemon from using the terminal /dev/tty1.
Antonio Olivares
olivares14031 at yahoo.com
Mon Mar 3 22:03:12 UTC 2008
At one point, these were cured and now they reappear.
How can I make them go away for good?
Thanks,
Antonio
Summary:
SELinux prevented dbus-daemon from using the terminal
/dev/tty1.
Detailed Description:
SELinux prevented dbus-daemon from using the terminal
/dev/tty1. In most cases
daemons do not need to interact with the terminal,
usually these avc messages
can be ignored. All of the confined daemons should
have dontaudit rules around
using the terminal. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this selinux-policy.
If you would like to allow all daemons to interact
with the terminal, you can
turn on the allow_daemons_use_tty boolean.
Allowing Access:
Changing the "allow_daemons_use_tty" boolean to true
will allow this access:
"setsebool -P allow_daemons_use_tty=1."
Fix Command:
setsebool -P allow_daemons_use_tty=1
Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_dbusd_t
:SystemLow-SystemHigh
Target Context
unconfined_u:object_r:unconfined_tty_device_t
Target Objects /dev/tty1 [ chr_file ]
Source dbus-daemon
Source Path /bin/dbus-daemon
Port <Unknown>
Host localhost
Source RPM Packages dbus-1.1.20-1.fc9
Target RPM Packages
Policy RPM
selinux-policy-3.3.1-9.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_daemons_use_tty
Host Name localhost
Platform Linux localhost
2.6.25-0.80.rc3.git2.fc9 #1 SMP
Fri Feb 29 18:17:34 EST
2008 i686 athlon
Alert Count 14
First Seen Fri 01 Feb 2008 05:06:20
PM CST
Last Seen Mon 03 Mar 2008 03:57:07
PM CST
Local ID
c0a79310-b4d4-41fc-a712-a4db505290d5
Line Numbers
Raw Audit Messages
host=localhost type=AVC
msg=audit(1204581427.951:2778): avc: denied { read
write } for pid=1306 comm="dbus-daemon"
path="/dev/tty1" dev=tmpfs ino=1857
scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0
tclass=chr_file
host=localhost type=SYSCALL
msg=audit(1204581427.951:2778): arch=40000003
syscall=11 success=yes exit=0 a0=804c908 a1=bf92fc8c
a2=bf9310b4 a3=7 items=0 ppid=1305 pid=1306 auid=500
uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon"
exe="/bin/dbus-daemon"
subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
key=(null)
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-test-list
mailing list