Am Dienstag, den 29.12.2009, 14:06 +0100 schrieb Dominick Grift:
[...]
Well there was already policy for getty present but it seems to not
be
sufficient for your configuration (or it may signal misconfiguration on
your part)
Yes, but mgetty does lots more than getty (which can be used for serial
devices, too). It is always possible I made a mistake configuring
mgetty, but I'm using it for ca 15 years now (starting with some 0.x
release, if I remember correctly), so I'm fairly confident I did not...
The extensions needed for the policy are for the mechanisms after the
successful receipt of a fax, and as this is nothing needed in the
getty-policy I guess mgetty does need its own policy.
With regard to system_mail_t this is likely due to a bug. (known bug)
Where the tty device does not get properly labeled. My fix makes it work
but it is not a good fix ( user tty devices need to get labeled properly)
If you are certain that you are using getty properly then consider
reporting the AVC denials and my policy for getty_t to
bugzilla/selinux-policy so that getties policy can be extended to
support your configuration.
Yes, I forgot to ask in my last mail, I will check and try to
understand, possibly help weed out the (possible) bugs and then go
ahead.
Thanks,
Klaus
--
------------------------------------------------------------------------
Klaus Lichtenwalder, Dipl. Inform.,
http://lklaus.homelinux.org/Klaus/
PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B 9C62 DB6D 1258 0E9B B6D1