From: "Ed Street" <blacknet@simplyaquatics.com>
To: "'Stephen Smalley'" <sds@tislabs.com>
Cc: "'SE Linux'" <selinux@tycho.nsa.gov>
Subject: RE: sysadm_tty_device_t
Date: Thu, 11 Jul 2002 13:54:27 -0400 [thread overview]
Message-ID: <00da01c22903$fff54520$0a01a8c0@ed> (raw)
In-Reply-To: <Pine.GSO.4.33.0207111336390.15869-100000@raven>
Hello,
OK my /etc/syslogd.conf file contains this
*.* /dev/tty24
when I boot or run-init I get this
allow syslogd_t tty_device_t:chr_file { append };
#EXE=/sbin/syslogd PATH=/dev/tty24 : append
The avc from kern.log is this
Jul 11 13:51:17 debian kernel: avc: denied { append } for pid=160
exe=/sbin/syslogd path=/dev/tty24 dev=72:01 ino=2175725
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file
Syntax is this:
debian:~# id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t
sid=222
run_init /etc/init.d/sysklogd restart
Also states permission denied for /dev/tty24. BTW in case anyone is
wondering /dev/tty1-12 is the left alt key, /dev/tty13-24 is the right
alt key.
Ed
=> -----Original Message-----
=> From: Stephen Smalley [mailto:sds@tislabs.com]
=> Sent: Thursday, July 11, 2002 1:39 PM
=> To: Ed Street
=> Cc: 'SE Linux'
=> Subject: RE: sysadm_tty_device_t
=>
=>
=> On Thu, 11 Jul 2002, Ed Street wrote:
=>
=> > And sysadm_tty_device_t?
=>
=> That was my point. The ttys start in tty_device_t. If login or
newrole
=> creates a sysadm_r:sysadm_t shell, then it relabels the tty to
=> sysadm_tty_device_t. If login or newrole creates a user_r:user_t
shell,
=> then it relabels the tty to user_tty_device_t. These relabeling
=> operations are based on type_change rules in the policy
configuration.
=>
=> --
=> Stephen D. Smalley, NAI Labs
=> ssmalley@nai.com
=>
=>
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2002-07-11 17:54 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-10 7:45 audit bug in fd handling Russell Coker
2002-07-10 11:55 ` Stephen Smalley
2002-07-10 13:12 ` Stephen Smalley
2002-07-10 13:23 ` Ed Street
2002-07-10 14:40 ` Russell Coker
2002-07-11 16:13 ` sysadm_tty_device_t Ed Street
2002-07-11 17:21 ` sysadm_tty_device_t Stephen Smalley
2002-07-11 17:24 ` sysadm_tty_device_t Ed Street
2002-07-11 17:39 ` sysadm_tty_device_t Stephen Smalley
2002-07-11 17:54 ` Ed Street [this message]
2002-07-11 18:19 ` sysadm_tty_device_t Stephen Smalley
2002-07-11 18:24 ` sysadm_tty_device_t Ed Street
2002-07-11 18:35 ` sysadm_tty_device_t Stephen Smalley
2002-07-11 17:55 ` sysadm_tty_device_t Ed Street
2002-07-11 19:55 ` sysadm_tty_device_t Timothy Wood
2002-07-11 19:53 ` sysadm_tty_device_t Ed Street
2002-07-11 20:07 ` sysadm_tty_device_t Stephen Smalley
2002-07-11 20:12 ` sysadm_tty_device_t Timothy Wood
2002-07-11 20:05 ` sysadm_tty_device_t Stephen Smalley
2002-07-19 21:27 ` booting problem Charles R. Fuller
2002-07-22 11:59 ` Stephen Smalley
2002-07-11 18:28 ` sysadm_tty_device_t Timothy Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='00da01c22903$fff54520$0a01a8c0@ed' \
--to=blacknet@simplyaquatics.com \
--cc=sds@tislabs.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.