fc5: several troubles at my first attempt

Ron Yorston rmy at tigress.co.uk
Mon Apr 3 19:34:30 UTC 2006


Daniel J Walsh wrote:
>Ron Yorston wrote:
>> Stephen Smalley wrote:
>>   
>>> On Wed, 2006-03-15 at 19:08 +0200, Maxim Britov wrote:
>>>     
>>>> I have installed current fc5 by http about a week or two ago. It updated from rawhide.
>>>> It is currently installed on hda2 and it ran from qemu.
>>>>
>>>> I see many avc denied messages in dmesg (repeated 210 times with different pids):
>>>> audit(1142439027.188:2): avc:  denied  { search } for  pid=349 comm="pam_console_app" name="var" dev=hda2 ino=210081 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
>>>> hda2 here is /
>>>>       
>>> Hmmm.../var should be labeled with system_u:object_r:var_t, not file_t.
>>> Need to relabel?
>>>     
>>
>> I'm seeing these too.  My /var is on a separate partition.  Could this be
>> the cause of the problem?
>>
>> Mar 31 20:04:18 random kernel: audit(1143831757.360:451): avc:  denied  { search } for  pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
>> Mar 31 20:04:18 random kernel: EXT3 FS on hde3, internal journal
>> Mar 31 20:04:18 random kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
>> Mar 31 20:04:18 random kernel: kjournald starting.  Commit interval 5 seconds
>> Mar 31 20:04:18 random kernel: EXT3 FS on hde8, internal journal
>> Mar 31 20:04:18 random kernel: EXT3-fs: mounted filesystem with ordered data mode.
>> Mar 31 20:04:18 random kernel: SELinux: initialized (dev hde8, type ext3), uses xattr
>>
>> # df
>> Filesystem           1K-blocks      Used Available Use% Mounted on
>> /dev/hde3               972564    353452    568912  39% /
>> /dev/hde8               972532    290180    632152  32% /var
>> # ls -Zd /var
>> drwxr-xr-x  root     root     system_u:object_r:var_t          /var
>> # ls -id /var
>> 2 /var
>>
>> Ron
>>   
>What happens when you
>
>restorecon -R -v /var
>

Nothing much.

   # ls -Zd /var
   drwxr-xr-x  root     root     system_u:object_r:var_t          /var
   # restorecon -R -v /var
   restorecon reset /var/log/Xorg.0.log context system_u:object_r:var_log_t->system_u:object_r:xserver_log_t
   restorecon reset /var/log/xen-hotplug.log context system_u:object_r:var_log_t->system_u:object_r:xend_var_log_t
   restorecon reset /var/log/Xorg.0.log.old context system_u:object_r:var_log_t->system_u:object_r:xserver_log_t
   lstat(/var/lib/nfs/rpc_pipefs) failed: Permission denied
   restorecon reset /var/run/sendmail.pid context system_u:object_r:var_run_t->system_u:object_r:sendmail_var_run_t
   # ls -Zd /var
   drwxr-xr-x  root     root     system_u:object_r:var_t          /var

And rebooting still results in 450 messages like:

Apr  3 20:25:04 random kernel: audit(1144092277.317:451): avc:  denied  { search } for  pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir

I've tried booting with the FC5 rescue CD.  This shows that the /var
mount point on hde3 still has the wrong context:

   sh-3.1# ls -id var
   62785 var
   sh-3.1# ls -Zd var
   drwxr-xr-x  root     root     system_u:object_r:file_t:s0      var

There doesn't seem to be a copy of restorecon on the rescue CD so I
wasn't able to change the context of the mount point.

Why's pam_console_app trying to access /var before it's been mounted
anyway?

Ron
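
An added example, not part of the original message: a small Python parser for the AVC denial lines quoted above. It collapses repeated records and compares each record's dev/ino with the device and inode the running system shows for /var (hde8 and 2 in the df and ls -id output). The function names and the "covered" label are assumptions of this sketch.

```python
import re
from collections import Counter

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')       # key=value or key="value"
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')    # permission list in braces

# Lines 1, 2 and 4 are quoted from the message above; line 3 (pid=1390) is
# constructed to show that records differing only by pid are merged.
SAMPLE = [
    'Mar 31 20:04:18 random kernel: audit(1143831757.360:451): avc:  denied  { search } for  pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir',
    'Apr  3 20:25:04 random kernel: audit(1144092277.317:451): avc:  denied  { search } for  pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir',
    'Apr  3 20:25:04 random kernel: audit(1144092277.320:452): avc:  denied  { search } for  pid=1390 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir',
    'Mar 31 20:04:18 random kernel: EXT3 FS on hde3, internal journal',
]

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other lines."""
    m = DENIED.search(line)
    if m is None:
        return None
    # Only look at key=value pairs after the permission list.
    rec = {key: quoted or bare for key, quoted, bare in FIELD.findall(line[m.end():])}
    rec["perms"] = m.group(1).split()
    rec["ino"] = int(rec["ino"])
    rec["ttype"] = rec["tcontext"].split(":")[2]   # user:role:type[:level]
    return rec

def summarise(lines, visible_dev, visible_ino):
    """Count distinct denied objects and say whether each is the visible one.

    "visible": the record names the same dev/ino the running system shows.
    "covered": a different object with that name, e.g. a mount point
    directory hidden under a mounted filesystem (assumed interpretation).
    """
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        same = (rec["dev"], rec["ino"]) == (visible_dev, visible_ino)
        where = "visible" if same else "covered"
        counts[(rec["comm"], rec["name"], rec["dev"], rec["ino"], rec["ttype"], where)] += 1
    return counts

if __name__ == "__main__":
    # /var as seen on the running system: device hde8, inode 2.
    for key, n in summarise(SAMPLE, "hde8", 2).items():
        print(n, *key)
```

For the lines above this yields a single object, inode 62785 on hde3 with type file_t, which is not the inode 2 on hde8 that restorecon reached through the mounted /var.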



