Bug 432007 - SELinux warning
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: x86_64 Linux
Priority: low, Severity: low
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance

Reported: 2008-02-08 07:27 EST by Wayne Price
Modified: 2008-11-17 17:03 EST (History)
Doc Type: Bug Fix
Last Closed: 2008-11-17 17:03:00 EST
Description Wayne Price 2008-02-08 07:27:55 EST
Description of problem:
setroubleshoot browser gave warning, and suggested filing as a bug report.
Problem occurred by 'chsh' to '/bin/tcsh' for the logged in user.



Summary
SELinux prevented /sbin/unix_update from using the terminal .

Detailed Description
SELinux prevented /sbin/unix_update from using the terminal . In most cases
daemons do not need to interact with the terminal, usually these avc messages
can be ignored. All of the confined daemons should have dontaudit rules around
using the terminal. Please file a bug report against this selinux-policy. If you
would like to allow all daemons to interact with the terminal, you can turn on
the allow_daemons_use_tty boolean.

Allowing Access
Changing the "allow_daemons_use_tty" boolean to true will allow this access:
"setsebool -P allow_daemons_use_tty=1."
The following command will allow this access: setsebool -P allow_daemons_use_tty=1

Additional Information

Source Context:  system_u:system_r:updpwd_t:s0
Target Context:  system_u:object_r:unconfined_devpts_t:s0
Target Objects:  None [ chr_file ]
Affected RPM Packages:  pam-0.99.8.1-10.fc8 [application]
Policy RPM:  selinux-policy-3.0.8-81.fc8
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.allow_daemons_use_tty
Host Name:  falcon.miramar
Platform:  Linux falcon.miramar 2.6.23.14-115.fc8 #1 SMP Mon Jan 21 14:22:56 EST
2008 x86_64 x86_64
Alert Count:  1
First Seen:  Fri 08 Feb 2008 12:20:32 PM GMT
Last Seen:  Fri 08 Feb 2008 12:20:32 PM GMT
Local ID:  b6bb1c39-d8c6-47ad-817b-f0cfa70877e8
Line Numbers:  
Raw Audit Messages 
:avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0
exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3370
scontext=system_u:system_r:updpwd_t:s0 sgid=500
subj=system_u:system_r:updpwd_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0
Comment 1 Daniel Walsh 2008-02-08 10:49:32 EST
You can ignore this for now, it will be dontaudit'd in the next release.

Fixed in selinux-policy-3.0.8-84.fc8
Comment 2 Daniel Walsh 2008-11-17 17:03:00 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.
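
An added example, not part of the bug report or of selinux-policy: Python code that parses the raw audit message from the description and renders the type-enforcement rule that denial implies, as either `dontaudit` (the fix named in Comment 1) or `allow`. The rendered rule is derived from the denial alone; the rule actually shipped in the fixed policy is not shown on this page, and the function names are hypothetical.

```python
import re

# The raw audit message from the report above, joined onto one line.
RAW_AVC = (
    "avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0 "
    "exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3370 "
    "scontext=system_u:system_r:updpwd_t:s0 sgid=500 "
    "subj=system_u:system_r:updpwd_t:s0 suid=0 tclass=chr_file "
    "tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")


def parse_avc(line):
    """Split an AVC record into decision, permission list and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    decision, perms, rest = m.groups()
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    for required in ("scontext", "tcontext", "tclass"):
        if required not in fields:
            raise ValueError("AVC record lacks " + required)
    return {"decision": decision, "perms": perms.split(), "fields": fields}


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: " + context)
    return parts[2]


def implied_rule(avc, keyword="dontaudit"):
    """Render the type-enforcement rule that covers exactly this denial."""
    if avc["decision"] != "denied":
        raise ValueError("only denials imply a missing rule")
    f = avc["fields"]
    return "%s %s %s:%s { %s };" % (
        keyword, context_type(f["scontext"]), context_type(f["tcontext"]),
        f["tclass"], " ".join(sorted(avc["perms"])))


if __name__ == "__main__":
    avc = parse_avc(RAW_AVC)
    print(implied_rule(avc))             # silences the log entry, access stays denied
    print(implied_rule(avc, "allow"))    # would grant the access instead
```

The `dontaudit` form is narrower than the `allow_daemons_use_tty` boolean suggested by setroubleshoot: it covers only `updpwd_t` touching `unconfined_devpts_t` character devices, and it grants nothing.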
