Red Hat Bugzilla – Bug 476978
(staff_u) SELinux prevented gpgkeys_hkp from using the terminal 2
Last modified: 2018-04-11 13:25:32 EDT
Whenever I run gpg --search-key (or the equivalent is run by seahorse), I get this. I don't think that this should be banned. ----------------------- SELinux prevented gpgkeys_hkp from using the terminal 2. Podrobný popis: [SELinux je v uvolněném režimu, operace by byla odmítnuta, ale byla povolena kvůli uvolněnému režimu.] SELinux prevented gpgkeys_hkp from using the terminal 2. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Povolení přístupu: Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1." Příkaz pro opravu: setsebool -P allow_daemons_use_tty=1 Další informace: Kontext zdroje staff_u:staff_r:gpg_helper_t:SystemLow-SystemHigh Kontext cíle staff_u:object_r:staff_devpts_t Objekty cíle 2 [ chr_file ] Zdroj gpgkeys_hkp Cesta zdroje /usr/lib/gnupg/gpgkeys_hkp Port <Neznámé> Počítač viklef RPM balíčky zdroje gnupg-1.4.9-4.fc10 RPM balíčky cíle RPM politiky selinux-policy-3.5.13-34.fc10 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu allow_daemons_use_tty Název počítače viklef Platforma Linux viklef 2.6.27.7-134.fc10.i686 #1 SMP Mon Dec 1 22:42:50 EST 2008 i686 i686 Počet upozornění 3 Poprvé viděno Čt 18. prosinec 2008, 12:37:38 CET Naposledy viděno Čt 18. prosinec 2008, 12:42:23 CET Místní ID c55d4c0b-b0aa-4ea1-b5b1-6e5ccc3609e9 Čísla řádků Původní zprávy auditu node=viklef type=AVC msg=audit(1229600543.197:2604): avc: denied { read write } for pid=32114 comm="gpgkeys_hkp" name="2" dev=devpts ino=4 scontext=staff_u:staff_r:gpg_helper_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file node=viklef type=SYSCALL msg=audit(1229600543.197:2604): arch=40000003 syscall=11 success=yes exit=0 a0=b897c888 a1=bffd228c a2=bffd3a1c a3=1 items=0 ppid=32113 pid=32114 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 ses=2 comm="gpgkeys_hkp" exe="/usr/lib/gnupg/gpgkeys_hkp" subj=staff_u:staff_r:gpg_helper_t:s0-s0:c0.c1023 key=(null)
reassigning to selinux-policy per instructions.
You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.5.13-35.fc10
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping