On Thu, 2004-09-16 at 13:46, Daniel J Walsh wrote:
Problem is sysadm is transitioning to the mount command which is not
allowed to write to tty devices.
Normal users don't have the problem since they don't transition to mount.
Not sure how to solve.
You can allow mount_t to rw admin_tty_type:chr_file; it isn't the same
situation as with a daemon where you want to prevent a compromised
daemon from being able to access it.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency