You can define access controls for the terminal and the pseudo terminal. The screenshot is shown below.
You can define access controls for controlling terminals here.
If you want to allow the current domain to create an exclusive terminal, you have to check this check-box. Usually, you need not change the default.
You can allow the current domain to read the controlling terminal that is attached to the shell process for a user logging in with a particular role. To allow this, you have to specify correspond names of the roles in the "individual" input-field. If you want to specify all roles, you should just check the "all" check-box. If the current domain need to send messages to the controlling terminal, this permission have to be granted.
You can allow the write-access, same as read-access. If the current domain need to send messages to the controlling terminal, this permission have to be granted.
You can allow the current domain to relabel the security label that was attached to the controlling terminal for a user logging in with a particular role. Usually, you need not change the default.
The controlling terminal is attached a security label by the "login" program. If you want to allow the current domain to access to non-labeled controlling terminal, you have to check the "TTY before labeled" check-box. But those are allowed in the "global" domain. Usually, you need not change the default.
In this combo-box, the names of the defined roles are listed. By selecting a role name, the role name is added to the left "individual" input-field.
Pseudo terminals are used to emulate serial port. You can define access controls for pseudo terminals, same as the above controlling terminals.
By clicking this button, the inter-configuration files are updated with the changes.