Gianfranco Durin wrote:
Paul Howarth wrote:
Gianfranco Durin wrote:
Dear all,
I really wanted to solve the problem by myself, but...
I receive a lot of message from selinux of the type
audit(1158744172.025:364): avc: denied { search } for pid=1568
comm="pam_console_app" name="var" dev=dm-0 ino=130817
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
The context type file_t suggests to me that you have a labelling
problem. We might be able to find it with more log details. Can you
post the output of:
# ausearch -a 364
# ls -lZd /var
ausearch is in the audit package, in case you don't already have it.
Paul.
Thanks, Paul, very kind.
I installed the audit package, then after reboot I have
> # ausearch -a 364
type=USER_AUTH msg=audit(1158759070.643:364): user pid=2593 uid=0
auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c255 msg='PAM:
authentication acct=gf : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?,
terminal=:0 res=success)'
(Not sure if it refers to the previous message, by the way)
It doesn't, because you have rebooted. Are you still getting the
denials? If you can find one since the reboot, try the ausearch again
and use the number after the ":" in the audit message (364 in the case
above).
> # ls -lZd /var
drwxr-xr-x root root system_u:object_r:var_t /var
That one looks OK.
Paul.
