On 17.03.2004 20:31, Russell Coker wrote:
> On Thu, 18 Mar 2004 15:14, Aleksey Nogin <aleksey(a)nogin.org> wrote:
> > If I want syslogd to log to a tty, what is the "proper" way of allowing it?
> >
> > Should I augment the local file contexts to set /dev/tty10 to be
> > var_log_t? Or should I augment the local policies to allow syslogd_t
> > processes more access? Or should I do something else?
> allow syslogd_t tty_device_t:chr_file { getattr write };
> Should hopefully do it.
Thanks!
But what I am seeing (before any mods) is
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
and I am not sure whether giving ioctl access is reasonable or too much.
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin(a)cs.caltech.edu (office), aleksey(a)nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
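
Added example, not part of the original message: a small Python parser that reads AVC denial lines such as the two quoted above and lists the permissions they request that a given allow rule does not already grant, which is roughly the comparison a tool like audit2allow automates. The function names and the `already_allowed` parameter are hypothetical, and the sample log is the thread's two denials rejoined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the message, one per line.
SAMPLE_LOG = """\
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { append } for pid=1744 exe=/sbin/syslogd name=tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Mar 17 19:38:58 dell kernel: audit(1079581129.323:0): avc: denied { ioctl } for pid=1744 exe=/sbin/syslogd path=/dev/tty10 dev=hda2 ino=2688363 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")


def parse_denial(line):
    """Return (source_type, target_type, class, [perms]) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # Contexts are user:role:type[:level]; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # malformed or truncated record
    return stype, ttype, tclass, perms


def missing_rules(log_text, already_allowed=None):
    """Group denied permissions per (source, target, class), minus those
    already granted, and render them as candidate allow rules."""
    already_allowed = already_allowed or {}
    needed = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_denial(line)
        if parsed:
            stype, ttype, tclass, perms = parsed
            key = (stype, ttype, tclass)
            needed[key].update(set(perms) - set(already_allowed.get(key, ())))
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(needed.items()) if p]


if __name__ == "__main__":
    # The rule suggested in the thread grants getattr and write.
    granted = {("syslogd_t", "tty_device_t", "chr_file"): {"getattr", "write"}}
    print("\n".join(missing_rules(SAMPLE_LOG, granted)))
```

The output is a list of candidate rules for review; whether `ioctl` belongs in the final policy is the question the message leaves open.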