Description of change/FAQ addition. If a change, include the original text first, then the changed text: (from dwalsh) How come I run certain daemons in debug mode or interactive mode I see no output? SELinux turns off access to the tty devices in order to stop daemons from communicating back with the controlling terminal. This is a potential security hole, in that applications could insert commands into the controlling terminal and cause havoc. One mechanism to see the output is to pipe the output to the cat command. snmpd -v | cat If you are debugging an application you might want to turn off transitioning to the daemon, you can do this using s-c-sl. Or you can turn off enforcing mode via setenforce 0. Version-Release of FAQ selinux-faq-1.3-3 (2004-11-09-T04:20-0800)
Included in 1.3-5. ## begin Q/A addition to FAQ Q: Why do I not see the output when I run certain daemons in debug or interactive mode? A: SELinux intentionally disables access to the tty devices to stop daemons from communicating back with the controlling terminal. This communication is a potential security hole because such daemons could insert commands into the controlling terminal. A broken or compromised program could cause serious problems with this. There are a few ways you can capture STDOUT from daemons. One method is to pipe the output to the cat command. snmpd -v | cat When debugging a daemon, you may want to turn of the transitioning of the daemon to its specific domain. You can do this using system-config-securitylevel or setsebool on the command line. A final option is to turn off enforcing mode while debugging. You can do this with setenforce 0, using setenforce 1 to reenable SELinux when you are finished debugging. ## 30 ##