Package: selinux-policy-default Version: 2:0.0.20080702-14 Severity: normal
Summary: SELinux prevented console-kit-dae from using the terminal /dev/tty0. Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux prevented console-kit-dae from using the terminal /dev/tty0. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. Allowing Access: Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1." Fix Command: setsebool -P allow_daemons_use_tty=1 Additional Information: Source Context system_u:system_r:system_dbusd_t:s0 Target Context system_u:object_r:tty_device_t:s0 Target Objects /dev/tty0 [ chr_file ] Source console-kit-dae Source Path /usr/sbin/console-kit-daemon Port <Unknown> Host champaran Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type default MLS Enabled True Enforcing Mode Permissive Plugin Name allow_daemons_use_tty Host Name champaran Platform Linux champaran 2.6.28-custom #1 SMP Thu Feb 12 19:09:05 IST 2009 i686 Alert Count 1 First Seen Sat 14 Feb 2009 12:37:20 PM IST Last Seen Sat 14 Feb 2009 12:37:20 PM IST Local ID be37b7df-1984-43eb-9c4a-776f15d7ec79 Line Numbers Raw Audit Messages node=champaran type=AVC msg=audit(1234595240.427:48): avc: denied { ioctl } for pid=4988 comm="console-kit-dae" path="/dev/tty0" dev=tmpfs ino=1362 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file node=champaran type=SYSCALL msg=audit(1234595240.427:48): arch=40000003 syscall=54 success=yes exit=0 a0=d a1=5603 a2=bfff52a6 a3=d items=0 ppid=1 pid=4988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null) -- System Information: Debian Release: 5.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.28-custom (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.0.1-5 Pluggable Authentication Modules f ii libselinux1 2.0.65-5 SELinux shared libraries ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib ii policycoreutils 2.0.49-8 SELinux core policy utilities ii python 2.5.2-3 An interactive high-level object-o Versions of packages selinux-policy-default recommends: ii checkpolicy 2.0.16-1 SELinux policy compiler ii setools 3.3.5.ds-5 tools for Security Enhanced Linux Versions of packages selinux-policy-default suggests: pn logcheck <none> (no description available) pn syslog-summary <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
