On Sun, 2006-06-18 at 12:38 +0200, Guillaume top-posted:
> I think i'm just curious because the system work fine. I just want to
> know what theses messages are talking about and what process wrote
> them... And if possible, supress them to have a 'clean' boot
>
> 2006/6/18, Ed Greshko <Ed.Greshko@xxxxxxxxxxx>:
> > Guillaume wrote:
> > > Hi,
> > > Since i delete some files in /tmp & all files in /var/logs, with a
> > > rescue disk, i have this following errors displayed at the console
> > > screen & in /var/log/messages:
> > > Jun 18 11:51:24 localhost kernel: audit(1150624284.326:5): avc:
> > > denied { write } for pid=1585 comm="mingetty" name="wtmp" dev=dm-0
> > > ino=5827016 scontext=system_u:system_r:getty_t:s0
> > > tcontext=system_u:object_r:var_log_t:s0 tclass=file
> > > Jun 18 11:51:24 localhost kernel: audit(1150624284.518:6): avc:
> > > denied { write } for pid=1581 comm="mingetty" name="wtmp" dev=dm-0
> > > ino=5827016 scontext=system_u:system_r:getty_t:s0
> > > tcontext=system_u:object_r:var_log_t:s0 tclass=file
> > > Jun 18 11:51:24 localhost kernel: audit(1150624284.530:7): avc:
> > > denied { write } for pid=1582 comm="mingetty" name="wtmp" dev=dm-0
> > > ino=5827016 scontext=system_u:system_r:getty_t:s0
> > > tcontext=system_u:object_r:var_log_t:s0 tclass=file
> > >
> > > I dont have any auditd service launched & listed in /etc/rc.d/init.d !
> > > Someone can help me?
> >
> > If you don't have auditd running then selinux messages will be written
> > to /var/log/messages.
> >
> > Is there a problem or are you just curious about the messages landing
> > where they are?
> >
Try:
# touch /var/log/wtmp
# restorecon -v /var/log/wtmp
Paul.
