SELinux problem
I am trying to set up my Fedora Core 8 as a PPP server. I have a winmodem and I have set it up according to the following link
http://www20.brinkster.com/olivares/...d-setup-1.html and using slmodem-2.9.11-20080417.tar.gz and ungrab-winmodem-20080126 from the following link http://linmodems.technion.ac.il/packages/smartlink/

Now I can dial any phone number and thus the modem is working fine. Then I set up my PPP server using instructions from the following link http://howtoforge.com/linux_dialin_server

But when I see

# tail -f /var/log/messages
May 3 01:31:21 myisp mgetty[15229]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 01:31:21 myisp mgetty[15229]: open device /dev/ttySL0 failed: Permission denied
May 3 01:31:21 myisp mgetty[15229]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 01:31:21 myisp init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 01:31:23 myisp setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

I then followed the instruction and ran the following command

# setsebool -P allow_daemons_use_tty=1

But SELinux keeps on giving the same message every five minutes. Also, when I log in as another user and run pppd I see

# tail -f /var/log/messages
May 3 01:44:20 myisp pppd[15355]: pppd 2.4.4 started by rajdeep, uid 501
May 3 01:44:20 myisp pppd[15355]: Using interface ppp0
May 3 01:44:20 myisp pppd[15355]: Connect: ppp0 <--> /dev/tty1
May 3 01:44:22 myisp acpid: client connected from 2517[0:0]
May 3 01:44:22 myisp acpid: 1 client rule loaded

So I think pppd is working but maybe it is not able to open the modem properly. What should I do?
What does 'sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3' return? Are there any other AVC messages?
Quote:
# setsebool -P allow_daemons_use_tty=1 which I ran; but after some time the same message comes again and avc denies.
Quote:
May 3 19:01:01 localhost mgetty[3793]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:01 localhost mgetty[3793]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:01 localhost mgetty[3793]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:01 localhost mgetty[3794]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:01 localhost mgetty[3794]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:01 localhost mgetty[3794]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:02 localhost mgetty[3798]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:01:02 localhost mgetty[3798]: open device /dev/ttySL0 failed: Permission denied
May 3 19:01:02 localhost mgetty[3798]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:01:02 localhost init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

[root@localhost ~]# sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

Summary
SELinux prevented /sbin/mgetty from using the terminal <Unknown>.

Detailed Description
SELinux prevented /sbin/mgetty from using the terminal <Unknown>. In most cases daemons do not need to interact with the terminal, usually these avc messages can be ignored. All of the confined daemons should have dontaudit rules around using the terminal. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this selinux-policy. If you would like to allow all daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean.

Allowing Access
Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1."
The following command will allow this access: setsebool -P allow_daemons_use_tty=1

Additional Information
Source Context system_u:system_r:getty_t:s0
Target Context system_u:object_r:unconfined_devpts_t:s0
Target Objects None [ chr_file ]
Affected RPM Packages mgetty-1.1.33-11.fc8 [application]
Policy RPM selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_daemons_use_tty
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 i686
Alert Count 280
First Seen Fri May 2 18:13:57 2008
Last Seen Sat May 3 19:01:02 2008
Local ID c11200ee-abc1-45f1-b64e-3e816e74a3c3
Line Numbers

Raw Audit Messages
avc: denied { read write } for comm=mgetty dev=devpts egid=0 euid=0 exe=/sbin/mgetty exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=2 pid=3798 scontext=system_u:system_r:getty_t:s0 sgid=0 subj=system_u:system_r:getty_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0

[root@localhost ~]# setsebool -P allow_daemons_use_tty=1
[root@localhost ~]# tail -f /var/log/messages
May 3 19:03:16 localhost dbus: avc: received policyload notice (seqno=2)
May 3 19:03:16 localhost setsebool: The allow_daemons_use_tty policy boolean was changed to 1 by root
May 3 19:06:03 localhost mgetty[3815]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:03 localhost mgetty[3815]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:03 localhost mgetty[3815]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:04 localhost mgetty[3816]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:04 localhost mgetty[3816]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:04 localhost mgetty[3816]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:04 localhost mgetty[3817]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:04 localhost mgetty[3817]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:04 localhost mgetty[3817]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:05 localhost mgetty[3818]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:05 localhost mgetty[3818]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:05 localhost mgetty[3818]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:05 localhost mgetty[3819]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:05 localhost mgetty[3819]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:05 localhost mgetty[3819]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost mgetty[3820]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:06 localhost mgetty[3820]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:06 localhost mgetty[3820]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:06 localhost mgetty[3821]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:06 localhost mgetty[3821]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:06 localhost mgetty[3821]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:06 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:07 localhost mgetty[3822]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:07 localhost mgetty[3822]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:07 localhost mgetty[3822]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:07 localhost mgetty[3823]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:07 localhost mgetty[3823]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:07 localhost mgetty[3823]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:08 localhost mgetty[3824]: mod: cannot open line /dev/ttySL0: Permission denied
May 3 19:06:08 localhost mgetty[3824]: open device /dev/ttySL0 failed: Permission denied
May 3 19:06:08 localhost mgetty[3824]: cannot get terminal line dev=ttySL0, exiting: Permission denied
May 3 19:06:08 localhost init: Id "SL0" respawning too fast: disabled for 5 minutes
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb
May 3 19:06:10 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3

So, the problem persists even if I do as instructed (i.e. run setsebool -P allow_daemons_use_tty=1)
It seems that next to c11200ee-abc1-45f1-b64e-3e816e74a3c3 you have a second (related?) issue: e0207873-9500-4bde-bc45-d20045a05afb. What is the effect of using a local policy with those AVC messages?
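
Added example, not part of any post in this thread: a small Python parser that takes the raw AVC record and a few of the syslog lines quoted above, counts the distinct setroubleshoot alert IDs, and extracts the source type, target type and object name so the denied object can be compared with the device mgetty reports. The function names are this example's own.

```python
import re
from collections import Counter

# Raw audit record and syslog lines copied from the thread above.
AVC = (
    "avc: denied { read write } for comm=mgetty dev=devpts egid=0 euid=0 "
    "exe=/sbin/mgetty exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=2 pid=3798 "
    "scontext=system_u:system_r:getty_t:s0 sgid=0 "
    "subj=system_u:system_r:getty_t:s0 suid=0 tclass=chr_file "
    "tcontext=system_u:object_r:unconfined_devpts_t:s0 tty=(none) uid=0"
)
SYSLOG = [
    "May 3 19:01:02 localhost mgetty[3798]: mod: cannot open line /dev/ttySL0: Permission denied",
    "May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3",
    "May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented /sbin/mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l e0207873-9500-4bde-bc45-d20045a05afb",
    "May 3 19:01:04 localhost setroubleshoot: #012 SELinux prevented mgetty from using the terminal <Unknown>.#012 For complete SELinux messages. run sealert -l c11200ee-abc1-45f1-b64e-3e816e74a3c3",
]

def parse_avc(record):
    """Split an 'avc: denied' record into permissions and key=value fields."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm"),
        # A context is user:role:type:level; the type is what policy rules match.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
        "dev": fields.get("dev"),
        "name": fields.get("name"),
    }

def alert_ids(lines):
    """Count how often each setroubleshoot alert ID appears in syslog lines."""
    pat = re.compile(r"sealert -l ([0-9a-f-]{36})")
    return Counter(m.group(1) for line in lines for m in pat.finditer(line))

def touches_device(avc, device_basename):
    """True only if the denied object's name is the given device node."""
    return avc["name"] == device_basename

if __name__ == "__main__":
    print(parse_avc(AVC))
    print(alert_ids(SYSLOG))
    print("AVC is about ttySL0:", touches_device(parse_avc(AVC), "ttySL0"))
```

For the record quoted in the thread, the denied object is name=2 on dev=devpts with type unconfined_devpts_t, which is not the ttySL0 node named in the mgetty errors; the output of `sealert -l` for the second ID can be run through the same parser for comparison.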