On 09/01/2011 12:45 PM, Dominick Grift wrote:
On Thu, 2011-09-01 at 07:49 -0400, jeremymiller(a)ups.com wrote:
> When I boot my box to single user mode I get this error when
> sulogin tries to run.
>
> type=1400 audit(1296260632.174:5): avc: denied { write } for
> pid=1544 comm="sulogin" path="/dev/pts/0" dev=devpts ino=3
> scontext=system_u:system_r:sulogin_t:s0
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>
> Because of the policy denying the write to /dev/pts/0 I don't get
> the normal prompt:
>
> Give root password for maintenance (or type Control-D to
> continue):
>
> Any ideas if this is expected? I cannot replicate it once I'm in
> run-level 3.
>
> # sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /selinux
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy version:                 24
> Policy from config file:        targeted
>
> # ls -ldZ /dev/pts
> drwxr-xr-x. root root system_u:object_r:devpts_t:s0 /dev/pts
>
> Red Hat Enterprise Linux Server release 6.1 (Santiago)
I do not think that this pty is labelled properly?
I have not tried it since el6.0, but I have this patch:
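policy_module(mysulogin, 1.0.0)

optional_policy(`
	gen_require(`
		type sulogin_t;
	')

	# let sulogin bypass discretionary (DAC) file permission checks
	allow sulogin_t self:capability dac_override;
	# read the kernel crypto sysctls
	kernel_read_crypto_sysctls(sulogin_t)
	# search the pid file directory
	files_search_pids(sulogin_t)
')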
Which *seems* to have fixed any sulogin issues for me.
I should try it again some time soon..
> -- JM
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Please open a bug with RHEL6.
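For triaging a denial like the one quoted in this thread, the following is an added example (not code from any poster or from the SELinux project) that splits an AVC record into its fields and renders the type-enforcement rule naming exactly what was denied, so it can be compared against what a local module actually grants. The function names are hypothetical, and the sample line is the thread's record joined back onto one line.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the thread, joined onto one line as the kernel logs it.
SAMPLE = ('type=1400 audit(1296260632.174:5): avc: denied { write } for '
          'pid=1544 comm="sulogin" path="/dev/pts/0" dev=devpts ino=3 '
          'scontext=system_u:system_r:sulogin_t:s0 '
          'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file')

# audit(<epoch>.<ms>:<serial>): avc: denied|granted { perm ... }
HEADER = re.compile(
    r'audit\((\d+)\.(\d+):(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
# key=value pairs after the header; values may be double-quoted
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the AVC record's fields, or None if it is not one."""
    m = HEADER.search(line)
    if not m:
        return None
    secs, _ms, serial, verdict, perms = m.groups()
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    rec.update(
        time=datetime.fromtimestamp(int(secs), tz=timezone.utc),
        serial=int(serial), verdict=verdict, perms=perms.split())
    return rec

def context_type(ctx):
    """SELinux contexts are user:role:type[:level]; the type is field 3."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError(f'not a security context: {ctx!r}')
    return parts[2]

def te_rule(rec):
    """Type-enforcement rule that names exactly what was denied."""
    perms = rec['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return (f"allow {context_type(rec['scontext'])} "
            f"{context_type(rec['tcontext'])}:{rec['tclass']} {p};")

if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['time'].isoformat(), rec['comm'], rec['path'])
    print(te_rule(rec))
```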