sulogin
Daniel J Walsh
dwalsh at redhat.com
Thu Sep 1 18:10:52 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/01/2011 12:45 PM, Dominick Grift wrote:
> On Thu, 2011-09-01 at 07:49 -0400, jeremymiller at ups.com wrote:
>> When I boot my box to single user mode I get this error when
>> sulogin tries to run.
>>
>> type=1400 audit(1296260632.174:5): avc: denied { write } for
>> pid=1544 comm="sulogin" path="/dev/pts/0" dev=devpts ino=3
>> scontext=system_u:system_r:sulogin_t:s0
>> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>>
>> Because of the policy denying the write to /dev/pts/0 I don't get
>> the normal prompt:
>>
>> Give root password for maintenance (or type Control-D to
>> continue):
>>
>> Any ideas if this is expected? I cannot replicate it once I'm in
>> run-level 3.
>>
>> # sestatus SELinux status: enabled SELinuxfs
>> mount: /selinux Current mode:
>> enforcing Mode from config file: enforcing Policy
>> version: 24 Policy from config file:
>> targeted
>>
>> # ls -ldZ /dev/pts drwxr-xr-x. root root
>> system_u:object_r:devpts_t:s0 /dev/pts
>>
>> Red Hat Enterprise Linux Server release 6.1 (Santiago
>
> I do not think that this pty is labelled properly?
>
> I have not tried it since el6.0, but i have this patch:
>
> policy_module(mysulogin, 1.0.0)
>
> optional_policy(` gen_require(` type sulogin_t; ')
>
> allow sulogin_t self:capability dac_override;
> kernel_read_crypto_sysctls(sulogin_t) files_search_pids(sulogin_t)
> ')
>
> Which *seems* to have fixed any sulogin issues for me.
>
> I should try it again some time soon..
>
>> -- JM -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Please open a bug with RHEL6.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5fyqwACgkQrlYvE4MpobOulQCeNjrD0Zqsq9DaXfTgroxmEZFq
QoEAn0x7Wosi7Cz+0pt/rWX1ELC4/t6l
=uQhV
-----END PGP SIGNATURE-----
More information about the selinux
mailing list