Fedora
 » 
Fedora SELinux List

Can I allow console_type_t to access pppd_t?

View: New views
2 Messages — Rating Filter:   Alert me  

Can I allow console_type_t to access pppd_t?

by chenh :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


Everytime I use adsl connection, AVC alerts: "SELinux is preventing consoletype (consoletype_t) "read write" pppd_t. " I typed "audit2allow -a" and saw:

#============= alsa_t ==============
allow alsa_t file_t:file read;

#============= consoletype_t ==============
allow consoletype_t file_t:file read;
allow consoletype_t pppd_t:packet_socket { read write };

#============= dmesg_t ==============
allow dmesg_t file_t:file read;

#============= hwclock_t ==============
allow hwclock_t file_t:file read;

#============= ifconfig_t ==============
allow ifconfig_t file_t:file read;

#============= mount_t ==============
allow mount_t file_t:file unlink;

#============= setroubleshootd_t ==============
allow setroubleshootd_t locate_var_lib_t:file read;

There're two rule about consoletype above. Is it safe to add them using audit2allow? Thanks!


"中国制造",讲述中国60年往事
--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Can I allow console_type_t to access pppd_t?

by Miroslav Grepl :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

On 09/28/2009 03:50 AM, chenh wrote:

Everytime I use adsl connection, AVC alerts: "SELinux is preventing consoletype (consoletype_t) "read write" pppd_t. " I typed "audit2allow -a" and saw:

#============= alsa_t ==============
allow alsa_t file_t:file read;

#============= consoletype_t ==============
allow consoletype_t file_t:file read;
allow consoletype_t pppd_t:packet_socket { read write };

#============= dmesg_t ==============
allow dmesg_t file_t:file read;

#============= hwclock_t ==============
allow hwclock_t file_t:file read;

#============= ifconfig_t ==============
allow ifconfig_t file_t:file read;

#============= mount_t ==============
allow mount_t file_t:file unlink;

#============= setroubleshootd_t ==============
allow setroubleshootd_t locate_var_lib_t:file read;


Looks like your machine is mislabeled. Could you try to execute:

# fixfiles restore
# reboot

What is your version of selinux-policy.
# rpm -q selinux-policy selinux-policy-targeted


There're two rule about consoletype above. Is it safe to add them using audit2allow? Thanks!


"中国制 造",讲述中国60年往事 

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list






--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Free embeddable forum powered by Nabble Forum Help