Set SELinux to allow only httpd daemon to use specific tty device

Emmanuel Noobadmin centos.admin at gmail.com
Sun May 4 04:22:59 UTC 2014


Using Fedora 20 3.11.10-301.fc20.x86_64 and selinux targeted policy.29

I've a PHP application that sends data to a USB tty device e.g.
/dev/usbDataCollector

Unfortunately selinux is blocking this action. When set to permissive,
the alert browser suggests the command: setsebool -P daemons_use_tty 1

The documentation says "Allow all daemons the ability to use
unallocated ttys." This naturally doesn't sound like a good idea
although admittedly it probably won't hurt in this particular
installation. However, I thought it would be good to find the
'correct' solution to this.

But I am unable to find a more fine-grained SELinux control for this.
Fedora 20 has no documentation, and the only vaguely relevant one I
could find elsewhere is httpd_tty_com, which appears unrelated as it is
about allowing httpd to communicate with the terminal.

So the question is whether there is any way to do this or is allowing
all daemons the only option?

