ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Hylafax with Digi Realport on Fedora 28 and SELinux

    IT Discussion
    1
    1
    276
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pmonchoP
      pmoncho
      last edited by pmoncho

      I am unable to configure SELinux properly to allow faxgetty process.

      I receive the following message in the audit.log

      type=AVC msg=audit(1530011821.626:271): avc:  denied  { write } for  pid=1367 co
mm="faxgetty" name="status" dev="dm-0" ino=13376935 scontext=system_u:system_r:g
etty_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir permi
ssive=0
type=AVC msg=audit(1530011821.626:272): avc:  denied  { read } for  pid=1367 com
m="faxgetty" name="FIFO.ttyaa01" dev="dm-0" ino=13339822 scontext=system_u:syste
m_r:getty_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=
fifo_file permissive=0

      I tried audit2allow with the following result but upon reboot, I have the same error

      
module faxgetty 1.0;

require {
        type var_spool_t;
        type getty_t;
        class capability setuid;
        class dir write;
        class fifo_file read;
}

#============= getty_t ==============

allow getty_t self:capability setuid;
allow getty_t var_spool_t:dir write;
allow getty_t var_spool_t:fifo_file read;

      I either need to disable SELinux or do a "semanage permissive -a getty_t" for faxgetty to run at all.

      1 Reply Last reply Reply Quote 1
      • 1 / 1
      • First post
        Last post