Fedora Users — Re: I give up! Help on avc message for dev dm-0

Re: I give up! Help on avc message for dev dm-0

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Subject: Re: I give up! Help on avc message for dev dm-0

From: Gianfranco Durin <gdurin@xxxxxxxx>

Date: Wed, 20 Sep 2006 15:48:17 +0200

In-reply-to: <45112036.2030902@xxxxxxxxxxxx>

References: <45111A16.3000909@xxxxxxxx> <45112036.2030902@xxxxxxxxxxxx>

Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

User-agent: Thunderbird 1.5.0.7 (X11/20060913)

Paul Howarth wrote:

Gianfranco Durin wrote:
Dear all,
I really wanted to solve the problem by myself, but...

I receive a lot of message from selinux of the type
audit(1158744172.025:364): avc: denied { search } for pid=1568comm="pam_console_app" name="var" dev=dm-0 ino=130817scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255tcontext=system_u:object_r:file_t:s0 tclass=dir

The context type file_t suggests to me that you have a labellingproblem. We might be able to find it with more log details. Can you postthe output of:
# ausearch -a 364
# ls -lZd /var

ausearch is in the audit package, in case you don't already have it.

Paul.


Thanks, Paul, very kind.

I installed the audit package, then after reboot I have

> # ausearch -a 364

type=USER_AUTH msg=audit(1158759070.643:364): user pid=2593 uid=0auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c255 msg='PAM:authentication acct=gf : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,terminal=:0 res=success)'


(Not sure if it refers to the previous message, by the way)

> # ls -lZd /var

drwxr-xr-x  root root system_u:object_r:var_t          /var


Hope this helps

Thanks again
Gianfranco