Re: I give up! Help on avc message for dev dm-0

Gianfranco Durin wrote:
Dear all,
I really wanted to solve the problem by myself, but...

I receive a lot of message from selinux of the type

audit(1158744172.025:364): avc: denied { search } for pid=1568 comm="pam_console_app" name="var" dev=dm-0 ino=130817 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir

Well, I do know what is the device dm-0. I tried to mount and it looks like /

My configuration is:
FC5 fully updated with 2.6.17-1.2187_FC5smp
/dev/mapper/VolGroup00-LogVol00 23G  5.3G   16G  25% /
/dev/sda2                      99M   15M   80M  16% /boot
tmpfs                        1014M     0 1014M   0% /dev/shm
/dev/mapper/VolGroup00-LogVol03  420G   25G  374G   7% /home
/dev/mapper/VolGroup00-LogVol02  6.2G  708M  5.2G  12% /var
/dev/sdc1             276G  2.3G  259G   1% /media/disk

Can someone tell me where to look for?

Thank you very much for your help!

The context type file_t suggests to me that you have a labelling problem. We might be able to find it with more log details. Can you post the output of:

# ausearch -a 364
# ls -lZd /var

ausearch is in the audit package, in case you don't already have it.


