On Tue, 28 May 2024 16:55:55 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote:On Sun, May 26, 2024 at 06:28:42PM -0400, Derek Schrock wrote: > Allow access to user_devpts. > > $ pasta --version > pasta 0^20240510.g7288448-1.fc40.x86_64 > ... > $ awk '' < /dev/null > $ pasta --version > $ > > While this might be a awk bug it appears pasta should still have access > to devpts.Derek, thanks for the patch!It's not clear to me why pasta would need any access to /dev/pts. The shell that pasta spawns does, of course, but it should already live in a difference security context.Note that that doesn't happen in a shell pasta spawned: pasta --version doesn't do that. It's just that after that awk comamnd, enabling access to user_tty_device_t doesn't seem to be enough anymore, we need user_devpts_t then. Which is probably something reasonable to enable anyway. -- Stefano