bloody links!

Fri Jul 2 16:12:34 UTC 2010

On 02/07/10 15:58, Mr Dash Four wrote:
>
>>> What am I doing wrong?!
>>
>> Using bind mounts instead of symlinks will help.
> It did!
>
> I added "/apps/var/log /var/log none bind 0 0" to my fstab file and 2 of
> the three alerts are now gone. I am still getting this though:
>
> kernel: type=1400 audit(1278074918.050:4): avc: denied { write } for
> pid=1557 comm="login" name="log" dev=sdc ino=16386
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_log_t:s0 tclass=dir
>
> This happens when I try to log in to the console. Any ideas?

It's probably trying to create a new file in your log directory. Try 
logging in with the system in permissive mode so you can see which file 
it's trying to create, then create an empty file with the right 
ownership and permissions (regular and SELinux) in your log directory 
and try again in enforcing mode.

Paul.