Hylafax with Digi Realport on Fedora 28 and SELinux



  • I am unable to configure SELinux properly to allow faxgetty process.

    I receive the following message in the audit.log

    type=AVC msg=audit(1530011821.626:271): avc:  denied  { write } for  pid=1367 co
    mm="faxgetty" name="status" dev="dm-0" ino=13376935 scontext=system_u:system_r:g
    etty_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir permi
    ssive=0
    type=AVC msg=audit(1530011821.626:272): avc:  denied  { read } for  pid=1367 com
    m="faxgetty" name="FIFO.ttyaa01" dev="dm-0" ino=13339822 scontext=system_u:syste
    m_r:getty_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=
    fifo_file permissive=0
    

    I tried audit2allow with the following result but upon reboot, I have the same error

    
    module faxgetty 1.0;
    
    require {
            type var_spool_t;
            type getty_t;
            class capability setuid;
            class dir write;
            class fifo_file read;
    }
    
    #============= getty_t ==============
    
    allow getty_t self:capability setuid;
    allow getty_t var_spool_t:dir write;
    allow getty_t var_spool_t:fifo_file read;
    

    I either need to disable SELinux or do a "semanage permissive -a getty_t" for faxgetty to run at all.


Log in to reply