Red Hat Bugzilla – Bug 138767
SELinux FAQ - why is there no output from certain daemons run in debug or interactive mode?
Last modified: 2007-04-18 13:14:53 EDT
Description of change/FAQ addition. If a change, include the original
text first, then the changed text:
How come I run certain daemons in debug mode or interactive mode I see
SELinux turns off access to the tty devices in order to stop daemons
from communicating back with the controlling terminal. This is a
potential security hole, in that applications could insert commands into
the controlling terminal and cause havoc.
One mechanism to see the output is to pipe the output to the cat command.
snmpd -v | cat
If you are debugging an application you might want to turn off
transitioning to the daemon, you can do this using s-c-sl.
Or you can turn off enforcing mode via setenforce 0.
Version-Release of FAQ
Included in 1.3-5.
## begin Q/A addition to FAQ
Q: Why do I not see the output when I run certain daemons in debug or
A: SELinux intentionally disables access to the tty devices to stop daemons
from communicating back with the controlling terminal. This communication is a
potential security hole because such daemons could insert commands into the
controlling terminal. A broken or compromised program could cause serious
problems with this.
There are a few ways you can capture STDOUT from daemons. One method is to pipe
the output to the cat command.
snmpd -v | cat
When debugging a daemon, you may want to turn of the transitioning of the daemon
to its specific domain. You can do this using system-config-securitylevel or
setsebool on the command line.
A final option is to turn off enforcing mode while debugging. You can do this
with setenforce 0, using setenforce 1 to reenable SELinux when you are finished
## 30 ##