From: alan.rouse@ericsson.com (Alan Rouse)
Date: Wed, 24 Feb 2010 15:37:14 -0500
Subject: [refpolicy] Reference policy and OpenSuse 11.2
In-Reply-To: <1266953956.9127.53.camel@gorn>
References: <5A5E55DF96F73844AF7DFB0F48721F0F52E41FF963@EUSAACMS0703.eamcs.ericsson.se> <1266953956.9127.53.camel@gorn>
Message-ID: <5A5E55DF96F73844AF7DFB0F48721F0F52E446CE65@EUSAACMS0703.eamcs.ericsson.se>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Christopher PeBenito wrote:
> But there are still others that still require more investigation. It looks like mount is being run from dbus,
> which needs some explanation.
>
> The getty denials are most disconcerting. It looks like it's doing the equivalent of something 'ps -A'. I
> don't know why it would be doing that, I don't see that behavior on my systems. Does SuSE patch mingetty?

The avc messages related to getty and mount seem to be (mostly) related to the fact that OpenSuse does parallel execution of init scripts during startup. Disabling that feature in /etc/sysconfig/boot eliminates the mount denied message and most of the getty messages.

Once booted up, mingetty is running in system_u:system_r:getty_t.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150