From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10

Description of problem:
I get an annoying selinux policy error when I attempt to launch a root terminal window from a user gnome session:

"SELinux prevented /bin/su from using the terminal /dev/pts/0. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean."

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-68.fc8

How reproducible:
Always

Steps to Reproduce:
1. Create a launcher on the gnome panel, command: gnome-terminal --geometry=80x50 --window-with-profile=Root --title=root -e 'su - root'
2. Use this launcher to launch a root window.
3. Notification area on panel shows an error.

Actual Results:
Error indicated in Notification Area on gnome panel.

Expected Results:
The gnome-terminal launches without error.
Additional info:
Source Context: system_u:system_r:initrc_su_t:s0
Target Context: system_u:object_r:rhgb_devpts_t:s0
Target Objects: /dev/pts/0 [ chr_file ]
Affected RPM Packages: coreutils-6.9-12.fc8 [application]
Policy RPM: selinux-policy-3.0.8-68.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.allow_daemons_use_tty
Host Name: dad
Platform: Linux dad 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686
Alert Count: 4
First Seen: Mon 24 Dec 2007 01:18:15 AM EST
Last Seen: Mon 24 Dec 2007 07:05:35 AM EST
Local ID: e5d4cd3e-87c7-480a-a0ae-6e520c3a478d
Line Numbers:

Raw Audit Messages :
avc: denied { read write } for comm=su dev=devpts egid=0 euid=0 exe=/bin/su exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/dev/pts/0 pid=2345 scontext=system_u:system_r:initrc_su_t:s0 sgid=0 subj=system_u:system_r:initrc_su_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:rhgb_devpts_t:s0 tty=(none) uid=0
This looks like you have a badly mislabeled system. You are logging in with a bizarre context and this usually happens when your labeling is screwed up.

touch /.autorelabel; reboot

Should fix the labeling.
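
Added example, not part of the bug report or of either commenter's text: a small Python parser for the raw AVC record quoted in the report, splitting the source and target contexts into user, role, type and level (it also handles MLS levels that contain colons, which the record here does not). The function names are hypothetical, and the `initrc_` prefix check is a heuristic assumed for this example to surface the unusual source context the reply points at.

```python
import re

# Raw audit message copied from the report above.
RAW_AVC = (
    "avc: denied { read write } for comm=su dev=devpts egid=0 euid=0 "
    "exe=/bin/su exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/dev/pts/0 "
    "pid=2345 scontext=system_u:system_r:initrc_su_t:s0 sgid=0 "
    "subj=system_u:system_r:initrc_su_t:s0 suid=0 tclass=chr_file "
    "tcontext=system_u:object_r:rhgb_devpts_t:s0 tty=(none) uid=0"
)
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level can itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts + [None]))

def parse_avc(record):
    """Parse one AVC line with unquoted key=value fields, as in the report."""
    m = AVC_RE.search(record)
    if not m:
        raise ValueError("no AVC decision in record")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {
        "decision": m.group(1),
        "perms": m.group(2).split(),
        "tclass": fields.get("tclass"),
        "source": parse_context(fields["scontext"]),
        "target": parse_context(fields["tcontext"]),
    }

def runs_in_init_script_domain(avc):
    # Assumption for this example only: a source type starting with "initrc_"
    # is treated as an init-script domain, which is not where a command
    # started from a desktop session would normally run.
    return avc["source"]["type"].startswith("initrc_")

def summarize(avc):
    line = "{} {{ {} }} {} -> {} ({})".format(
        avc["decision"], " ".join(avc["perms"]), avc["source"]["type"],
        avc["target"]["type"], avc["tclass"])
    if runs_in_init_script_domain(avc):
        line += " [source is an init-script domain: check file labels]"
    return line

if __name__ == "__main__":
    print(summarize(parse_avc(RAW_AVC)))
```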