| 1 |
On Wed, 2004-02-25 at 08:47, Michael Ihde wrote: |
| 2 |
> > So is there anything I can do about this error message? E.g. can I |
| 3 |
> > adjust the access rights somehow to make it accessible for the source |
| 4 |
> > countext? (I repeat I'm new to SELinux so please tell me if I'm saying |
| 5 |
> > something stupid.) |
| 6 |
> |
| 7 |
> Yes! In /etc/security/selinux/src/policy/domains/misc/ add a file |
| 8 |
> local.te |
| 9 |
> |
| 10 |
> In this file you can define all your local security policies. Add the |
| 11 |
> line: |
| 12 |
> |
| 13 |
> allow { sshd_t } sysadm_tty_device_t:chr_file { read write }; |
| 14 |
|
| 15 |
No. You almost certainly don't want sshd to be able to read from |
| 16 |
sysadm's terminal. Most likely sshd was just printing something to the |
| 17 |
terminal, so this can be dontaudit'ed. |
| 18 |
|
| 19 |
-- |
| 20 |
Chris PeBenito |
| 21 |
<pebenito@g.o> |
| 22 |
Developer, |
| 23 |
Hardened Gentoo Linux |
| 24 |
Embedded Gentoo Linux |
| 25 |
|
| 26 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 27 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives