1 |
On Wed, 2004-02-25 at 08:47, Michael Ihde wrote: |
2 |
> > So is there anything I can do about this error message? E.g. can I |
3 |
> > adjust the access rights somehow to make it accessible for the source |
4 |
> > countext? (I repeat I'm new to SELinux so please tell me if I'm saying |
5 |
> > something stupid.) |
6 |
> |
7 |
> Yes! In /etc/security/selinux/src/policy/domains/misc/ add a file |
8 |
> local.te |
9 |
> |
10 |
> In this file you can define all your local security policies. Add the |
11 |
> line: |
12 |
> |
13 |
> allow { sshd_t } sysadm_tty_device_t:chr_file { read write }; |
14 |
|
15 |
No. You almost certainly don't want sshd to be able to read from |
16 |
sysadm's terminal. Most likely sshd was just printing something to the |
17 |
terminal, so this can be dontaudit'ed. |
18 |
|
19 |
-- |
20 |
Chris PeBenito |
21 |
<pebenito@g.o> |
22 |
Developer, |
23 |
Hardened Gentoo Linux |
24 |
Embedded Gentoo Linux |
25 |
|
26 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
27 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |