Bug 432007
| Summary: | SELinux warning | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Wayne Price <w.price> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-11-17 22:03:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
You can ignore this for now, it will be dontaudit'd in the next release. Fixed in selinux-policy-3.0.8-84.fc8 Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |
Description of problem: setroubleshoot browser gave warning, and suggested filing as a bug report. Problem occurred by 'chsh' to '/bin/tcsh' for the logged in user. Summary SELinux prevented /sbin/unix_update from using the terminal . Detailed Description SELinux prevented /sbin/unix_update from using the terminal . In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Allowing Access Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1. "The following command will allow this access:setsebool -P allow_daemons_use_tty=1 Additional Information Source Context: system_u:system_r:updpwd_t:s0 Target Context: system_u:object_r:unconfined_devpts_t:s0 Target Objects: None [ chr_file ] Affected RPM Packages: pam-0.99.8.1-10.fc8 [application] Policy RPM: selinux-policy-3.0.8-81.fc8 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.allow_daemons_use_tty Host Name: falcon.miramar Platform: Linux falcon.miramar 2.6.23.14-115.fc8 #1 SMP Mon Jan 21 14:22:56 EST 2008 x86_64 x86_64 Alert Count: 1 First Seen: Fri 08 Feb 2008 12:20:32 PM GMT Last Seen: Fri 08 Feb 2008 12:20:32 PM GMT Local ID: b6bb1c39-d8c6-47ad-817b-f0cfa70877e8 Line Numbers: Raw Audit Messages :avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0 exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3370 scontext=system_u:system_r:updpwd_t:s0 sgid=500 subj=system_u:system_r:updpwd_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0