
8.11 Configuring access control to tty/pts devices

8.11.1 allowtty

allowtty is used to control access to tty device files (/dev/tty*). In an SELinux environment, tty device files are labeled according to the login user's role, so they must be treated differently in the simplified language.
  1. Syntax
    1. allowtty -create;
    2. allowtty role [r],[w];
    3. allowtty -change role;
  2. Meaning
    1. This is usually used in the role section. It allows the role to have its own tty device. At login, the login program gives the role's tty device file the type <role prefix>_tty_device_t.
    2. Allows reading/writing the tty device of role.
    3. Allows changing the label of the tty device, and renaming and unlinking it.
  3. Special role
    If role is general, this means ttys that have not yet been labeled (the types are devtty_t and tty_device_t). If role is global, this means all tty devices.

8.11.2 allowpts

allowpts is used to control access to pseudo tty device files (/dev/pts). Devices under /dev/pts are the terminals for remote logins and logins from gdm.

  1. Syntax
    1. allowpts -create;
    2. allowpts role [r],[w];
    3. allowpts -change role;
  2. Meaning
    The meaning is the same as for allowtty, except that the target is a pseudo tty device.
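
A small review aid for the allowtty and allowpts statements described in 8.11.1 and 8.11.2, added here as an example (it is not part of the policy editor): it parses the three documented forms and lists statements that use the global role, use -change, or match no documented form. The reading of "[r],[w]" as r, w or r,w and the role names in the sample are assumptions.

```python
import re

# Statement forms from the Syntax lists; assumes "[r],[w]" means r, w or r,w.
STMT = re.compile(
    r"^(?P<kw>allowtty|allowpts)\s+"
    r"(?:(?P<create>-create)"
    r"|-change\s+(?P<crole>\w+)"
    r"|(?P<role>\w+)\s+(?P<perms>[rw](?:\s*,\s*[rw])?))$"
)

def parse_statement(stmt):
    """Parse one statement (trailing ';' removed) into a dict, or None."""
    m = STMT.match(stmt.strip())
    if not m:
        return None
    if m["create"]:
        return {"kw": m["kw"], "action": "create", "role": None, "perms": set()}
    if m["crole"]:
        return {"kw": m["kw"], "action": "change", "role": m["crole"], "perms": set()}
    perms = set(re.split(r"\s*,\s*", m["perms"]))
    return {"kw": m["kw"], "action": "access", "role": m["role"], "perms": perms}

def audit(policy_text):
    """Return (line_no, statement, note) for statements a reviewer should check."""
    findings = []
    for no, line in enumerate(policy_text.splitlines(), 1):
        for stmt in (s.strip() for s in line.split(";")):
            if not stmt.startswith(("allowtty", "allowpts")):
                continue
            p = parse_statement(stmt)
            if p is None:
                findings.append((no, stmt, "matches none of the documented forms"))
            elif p["role"] == "global":
                findings.append((no, stmt, "covers all devices, not one role's"))
            elif p["action"] == "change":
                findings.append((no, stmt, "permits relabel, rename and unlink"))
    return findings

# Constructed sample; the role names are hypothetical.
SAMPLE = """\
allowtty -create;
allowtty general r,w;
allowtty global w;
allowpts -change webmaster_r;
allowpts sysadm_r rw;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```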


2005-07-19