I give up! Help on avc message for dev dm-0

Paul Howarth paul at city-fan.org
Wed Sep 20 13:53:31 UTC 2006


Gianfranco Durin wrote:
> Paul Howarth wrote:
>> Gianfranco Durin wrote:
>>> Dear all,
>>> I really wanted to solve the problem by myself, but...
>>>
>>> I receive a lot of message from selinux of the type
>>>
>>> audit(1158744172.025:364): avc:  denied  { search } for  pid=1568 
>>> comm="pam_console_app" name="var" dev=dm-0 ino=130817 
>>> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
> 
>>
>> The context type file_t suggests to me that you have a labelling 
>> problem. We might be able to find it with more log details. Can you 
>> post the output of:
>>
>> # ausearch -a 364
>> # ls -lZd /var
>>
>> ausearch is in the audit package, in case you don't already have it.
>>
>> Paul.
>>
> 
> Thanks, Paul, very kind.
> 
> I installed the audit package, then after reboot I have
> 
>  > # ausearch -a 364
> 
> type=USER_AUTH msg=audit(1158759070.643:364): user pid=2593 uid=0 
> auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c255 msg='PAM: 
> authentication acct=gf : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, 
> terminal=:0 res=success)'
> 
> (Not sure if it refers to the previous message, by the way)

It doesn't, because you have rebooted. Are you still getting the 
denials? If you can find one since the reboot, try the ausearch again 
and use the number after the ":" in the audit message (364 in the case 
above).

>  > # ls -lZd /var
> 
> drwxr-xr-x  root root system_u:object_r:var_t          /var

That one looks OK.

Paul.




More information about the fedora-list mailing list