From: samgandhi9@gmail.com (Sam Gandhi) Date: Mon, 6 Jun 2011 16:26:41 -0700 Subject: [refpolicy] Help with policy definition. Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com I am writing a policy for embedded device that I am working with. When I am in permissive mode I can login to my console located on /dev/ttymxc1. which generate AVC message user.notice kernel: type=1400 audit(165.890:8): avc: denied { relabelto } for pid=605 comm="login" name="ttymxc1" dev=tmpfs ino=1475 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:tty_device_t tclass=chr_file which audit2allow says should translate to : allow kernel_t tty_device_t:chr_file relabelto; Even if with above allow rule when in enforcing mode I am not able to login to my serial console and I get message on the console. login: chsid(/dev/ttymxc1, user_u:object_r:tty_device_t) failed: /dev/ttymxc1 in my case has label of user_u:object_r:tty_device_t What am I missing in my configuration or any hints on how I should go about debugging this issue/ /Sam