kdebase: selinux preventing appending to /var/log/kdm.log ?
Daniel J Walsh
dwalsh at redhat.com
Thu Jun 14 14:05:42 UTC 2007
Rex Dieter wrote:
> See also:
> http://bugzilla.redhat.com/243505
>
> Raw Audit Messages
>
> avc: denied { append } for comm="pam_console_app" dev=sda6 egid=500 euid=0
> exe="/sbin/pam_console_apply" exit=0 fsgid=500 fsuid=0 gid=500 items=0
> name="kdm.log" path="/var/log/kdm.log" pid=3804
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 sgid=500
> subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 suid=0 tclass=file
> tcontext=system_u:object_r:xserver_log_t:s0 tty=(none) uid=0
>
>
Well you have a few of choices.
1. Ignore it for now, since I doubt it causes any problem.
2. Write custom policy for it.
# grep pam_console_t /var/log/audit/audit.log | audit2allow -M mypamconsole
# semodule -i mypamconsole.pp
3. Wait for the next policy update which will write a rule to dontaudit
this.
>
> Any advice on how best to address this?
>
> -- Rex
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the fedora-selinux-list
mailing list