Description of problem:
I'm running a localhost httpd server and I need to write to a ttyUSB0 port (it's my device that will receive the information). The PHP class opens the port, sends the serial information to my device and closes the connection.
When I try to run it, SELinux doesn't let the command go to my device.

Additional info:
libreport version: 2.0.18
kernel: 3.6.7-4.fc17.i686

description:
:SELinux is preventing /usr/bin/stty from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
:
:***** Plugin catchall (100. confidence) suggests ***************************
:
:If you believe that stty should be allowed ioctl access on the ttyUSB0 chr_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep stty /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:httpd_t:s0
:Target Context                system_u:object_r:usbtty_device_t:s0
:Target Objects                /dev/ttyUSB0 [ chr_file ]
:Source                        stty
:Source Path                   /usr/bin/stty
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           coreutils-8.15-8.fc17.i686
:Target RPM Packages
:Policy RPM                    selinux-policy-3.10.0-159.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.6.7-4.fc17.i686 #1 SMP Tue Nov
:                              20 20:13:04 UTC 2012 i686 i686
:Alert Count                   3
:First Seen                    2012-11-22 11:32:39 BRST
:Last Seen                     2012-11-22 11:37:34 BRST
:Local ID                      89f99c32-2793-406f-97b5-73ecaddcf6e4
:
:Raw Audit Messages
:type=AVC msg=audit(1353591454.416:142): avc: denied { ioctl } for pid=2968 comm="stty" path="/dev/ttyUSB0" dev="devtmpfs" ino=10186 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
:
:
:type=SYSCALL msg=audit(1353591454.416:142): arch=i386 syscall=ioctl success=no exit=EACCES a0=0 a1=5401 a2=bfe07f08 a3=bfe07fb4 items=0 ppid=2887 pid=2968 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=stty exe=/usr/bin/stty subj=system_u:system_r:httpd_t:s0 key=(null)
:
:Hash: stty,httpd_t,usbtty_device_t,chr_file,ioctl
:
:audit2allow
:
:#============= httpd_t ==============
:allow httpd_t usbtty_device_t:chr_file ioctl;
:
:audit2allow -R
:
:#============= httpd_t ==============
:allow httpd_t usbtty_device_t:chr_file ioctl;
:

Created attachment 649821
File: type

Created attachment 649822
File: hashmarkername

You will need to execute these steps:

# semanage permissive -a httpd_t
re-run it
# ausearch -m avc -ts recent |audit2allow -R -M myhttpd
# semodule -i myhttpd.pp
# semanage permissive -d httpd_t

Could you then also execute
# cat myhttpd.te

Thank you!
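
To review what a module built from collected denials would permit before loading it, the added example below (not part of the original report and not audit2allow's own code) merges AVC records into allow rules in the same form as the audit2allow output in the report. Only the first record comes from the report; the other log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# PAGE_AVC is the AVC denial from the report above. The other SAMPLE_LOG lines are
# constructed (assumptions): what a permissive-mode re-run could additionally log.
PAGE_AVC = ('type=AVC msg=audit(1353591454.416:142): avc: denied { ioctl } for pid=2968 '
            'comm="stty" path="/dev/ttyUSB0" dev="devtmpfs" ino=10186 '
            'scontext=system_u:system_r:httpd_t:s0 '
            'tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file')
SAMPLE_LOG = "\n".join([
    PAGE_AVC,
    'type=SYSCALL msg=audit(1353591454.416:142): arch=i386 syscall=ioctl success=no',
    PAGE_AVC.replace("{ ioctl }", "{ read write open }").replace('"stty"', '"httpd"'),
    PAGE_AVC.replace("{ ioctl }", "{ getattr }"),
])

AVC_RE = re.compile(r'type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: do not guess the missing context
    fields["perms"] = m.group(1).split()
    return fields

def build_rules(log_text):
    """Merge denials into {(source_type, target_type, class): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            # A context is user:role:type:level; policy rules are written on the type.
            src, tgt = (rec[k].split(":")[2] for k in ("scontext", "tcontext"))
            rules[(src, tgt, rec["tclass"])].update(rec["perms"])
    return dict(rules)

def render(rules):
    """Format merged rules like the audit2allow output shown in the report."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out
```

Comparing `render(build_rules(...))` for the enforcing-mode log against the permissive-mode log shows how much more access the second module grants to httpd_t than the single ioctl rule.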