Configure ACL(Access Control List) - TTy ACL

You can define access controls for the terminal and the pseudo terminal. The screenshot is shown below.

1 "Communication with tty" area

You can define access controls for controlling terminals here.

1.1 "Create TTY" check-box

If you want to allow the current domain to create an exclusive terminal, you have to check this check-box. Usually, you need not change the default.

1.2 "read" line

You can allow the current domain to read the controlling terminal that is attached to the shell process for a user logging in with a particular role. To allow this, you have to specify correspond names of the roles in the "individual" input-field. If you want to specify all roles, you should just check the "all" check-box. If the current domain need to send messages to the controlling terminal, this permission have to be granted.

1.3 "write" line

You can allow the write-access, same as read-access. If the current domain need to send messages to the controlling terminal, this permission have to be granted.

1.4 "relabel" line

You can allow the current domain to relabel the security label that was attached to the controlling terminal for a user logging in with a particular role. Usually, you need not change the default.

1.5 "TTY before labeled" check-box

The controlling terminal is attached a security label by the "login" program. If you want to allow the current domain to access to non-labeled controlling terminal, you have to check the "TTY before labeled" check-box. But those are allowed in the "global" domain. Usually, you need not change the default.

1.6 "select" combo-box

In this combo-box, the names of the defined roles are listed. By selecting a role name, the role name is added to the left "individual" input-field.

2 "Communication with pts" area

Pseudo terminals are used to emulate serial port. You can define access controls for pseudo terminals, same as the above controlling terminals.

3 "apply" button

By clicking this button, the inter-configuration files are updated with the changes.