Description of problem:

Summary:

SELinux prevented su(/bin/su) from using the terminal <Unknown>.

Detailed Description:

[SELinux in permissive mode, the operation would have been denied but was permitted due to enforcing mode.]

SELinux prevented su(/bin/su) from using the terminal <Unknown>. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1."

The following command will allow this access:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context                unconfined_u:system_r:initrc_su_t
Target Context                unconfined_u:object_r:unconfined_devpts_t
Target Objects                None [ chr_file ]
Source                        su(/bin/su)
Port                          <Unknown>
Host                          hubmaier.ceplovi.cz
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.2.5-19.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   allow_daemons_use_tty
Host Name                     hubmaier.ceplovi.cz
Platform                      Linux hubmaier.ceplovi.cz 2.6.24-0.167.rc8.git4.fc9 #1 SMP Tue Jan 22 22:53:00 EST 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Po 28. leden 2008, 15:59:52 CET
Last Seen                     Po 28. leden 2008, 15:59:52 CET
Local ID                      2d0ea05c-c95f-4d35-ab88-55c89582f161
Line Numbers

Raw Audit Messages

host=hubmaier.ceplovi.cz type=AVC msg=audit(1201532392.74:888): avc: denied { read write } for pid=8907 comm="su" name="1" dev=devpts ino=3 scontext=unconfined_u:system_r:initrc_su_t:s0 tcontext=unconfined_u:object_r:unconfined_devpts_t:s0 tclass=chr_file

host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1201532392.74:888): arch=c000003e syscall=59 success=yes exit=0 a0=8d1e70 a1=8c8410 a2=8d39d0 a3=8 items=0 ppid=8894 pid=8907 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="su" exe="/bin/su" subj=unconfined_u:system_r:initrc_su_t:s0 key=(null)

Version-Release number of selected component (if applicable):
coreutils-6.10-1.fc9.x86_64
selinux-policy-targeted-3.2.5-19.fc9.noarch

How reproducible:
not sure (happened a couple of times in the last couple of minutes)

Steps to Reproduce:
1. not sure -- sealert happened and all information I have is what you see above
2.
3.

Actual results:
SELinux alert happened

Expected results:
it shouldn't

Additional info:
Actually I haven't used /bin/su directly (I use sudo all the time), so it had to be some script or something doing this. The last two things I did were reinstalling and chkconfig-on setroubleshootd and yum-updatesd.
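Added example (not part of the original report, and not setroubleshoot's own code): a short Python script that pairs the AVC and SYSCALL records quoted above by their audit serial, showing that the denied terminal access was recorded in the same event as an execve of /bin/su. The function names and the one-entry syscall table are assumptions of this example.

```python
import re
from collections import defaultdict

# The two raw audit records quoted in the report above (one event, serial 888).
RAW = [
    'host=hubmaier.ceplovi.cz type=AVC msg=audit(1201532392.74:888): avc: denied { read write } for pid=8907 comm="su" name="1" dev=devpts ino=3 scontext=unconfined_u:system_r:initrc_su_t:s0 tcontext=unconfined_u:object_r:unconfined_devpts_t:s0 tclass=chr_file',
    'host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1201532392.74:888): arch=c000003e syscall=59 success=yes exit=0 a0=8d1e70 a1=8c8410 a2=8d39d0 a3=8 items=0 ppid=8894 pid=8907 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="su" exe="/bin/su" subj=unconfined_u:system_r:initrc_su_t:s0 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\): ?(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
# Assumption of this example: only the one syscall number seen in the report
# is mapped; 59 is execve on x86_64 (arch=c000003e).
X86_64_SYSCALLS = {'59': 'execve'}


def parse(lines):
    """Group records by audit serial so AVC and SYSCALL fields sit together."""
    events = defaultdict(dict)
    for line in lines:
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        p = PERMS.search(body) if rtype == 'AVC' else None
        if p:
            fields['result'], fields['perms'] = p.group(1), p.group(2).split()
        events[serial][rtype] = fields
    return events


def summarize(event):
    """Reduce one event to the fields needed to triage a tty denial."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    syscall = sc.get('syscall')
    if sc.get('arch') == 'c000003e':
        syscall = X86_64_SYSCALLS.get(syscall, syscall)
    return {
        'source_type': avc['scontext'].split(':')[2],
        'target_type': avc['tcontext'].split(':')[2],
        'tclass': avc['tclass'], 'perms': avc['perms'],
        'syscall': syscall, 'exe': sc.get('exe'),
        'tty': sc.get('tty'), 'auid': sc.get('auid'),
    }


if __name__ == '__main__':
    for serial, event in parse(RAW).items():
        print(serial, summarize(event))
```

The auid=500 and tty=pts1 fields in the SYSCALL record tie the event to a user's login session on a pseudo-terminal, which fits su being started from an init script run in that session.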
Fixed in selinux-policy-3.2.5-20
Confirmed fixed via IRC ... closing RAWHIDE