Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SELinux: emerge cannot access /dev/pts/1
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
LubosD
Apprentice
Apprentice


Joined: 30 Jun 2005
Posts: 210
Location: Czech Republic

PostPosted: Mon Oct 24, 2016 9:13 pm    Post subject: SELinux: emerge cannot access /dev/pts/1 Reply with quote

Hi,

I'm probably overlooking something simple, but I can fix this problem.

I'm trying out SELinux with SELINUXTYPE=targeted, but when enforcing, emerge stops working, but only if I'm logged in via ssh (it works when I log in locally!). dmesg shows these errors:

Code:
[ 1676.886622] audit: type=1400 audit(1477342945.612:130): avc:  denied  { read write } for  pid=2703 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 scontext=unconfined_u:unconfined_r:portage_t tcontext=unconfined_u:object_r:initrc_devpts_t tclass=chr_file permissive=0
[ 1676.886663] audit: type=1400 audit(1477342945.612:131): avc:  denied  { use } for  pid=2703 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:system_r:initrc_t tclass=fd permissive=0
[ 1676.886679] audit: type=1400 audit(1477342945.612:132): avc:  denied  { use } for  pid=2703 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:system_r:initrc_t tclass=fd permissive=0
[ 1676.886685] audit: type=1400 audit(1477342945.612:133): avc:  denied  { use } for  pid=2703 comm="emerge" path="/dev/pts/1" dev="devpts" ino=4 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:system_r:initrc_t tclass=fd permissive=0


How do I fix this?

Additional info:
Code:
# ls -lZ /dev/pts
total 0
crw--w----. 1 root tty  unconfined_u:object_r:initrc_devpts_t 136, 0 Oct 24 21:01 0
crw--w----. 1 root tty  unconfined_u:object_r:initrc_devpts_t 136, 1 Oct 24 21:08 1
c---------. 1 root root system_u:object_r:ptmx_t                5, 2 Oct 24 20:34 ptmx


my root user:
Code:
# id -Z
unconfined_u:unconfined_r:unconfined_t
Back to top
View user's profile Send private message
olejseba
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2005
Posts: 95

PostPosted: Mon Nov 07, 2016 9:53 am    Post subject: Reply with quote

Sorry for my English. Give us the result #getsebool -a. Set ssh_sysadm_login ON. After logging in as root #newrole -r sysadm_r. Try it.
_________________
"Logic will get you from A to B. Imagination will take you everywhere."
Albert Einstein
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum