Daniel J Walsh wrote:
>Ron Yorston wrote:
>> Stephen Smalley wrote:
>>
>>> On Wed, 2006-03-15 at 19:08 +0200, Maxim Britov wrote:
>>>
>>>> I have installed current fc5 by http about week or two ago. It updated from rawhide.
>>>> It currently installed on hda2 and it ran from qemu.
>>>>
>>>> I see many avc denied messages in dmesg (repeated 210 times with different pids):
>>>> audit(1142439027.188:2): avc: denied { search } for pid=349 comm="pam_console_app" name="var" dev=hda2 ino=210081 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
>>>> hda2 here is /
>>>>
>>> Hmmm.../var should be labeled with system_u:object_r:var_t, not file_t.
>>> Need to relabel?
>>>
>>
>> I'm seeing these too. My /var is on a separate partition. Could this be
>> the cause of the problem?
>>
>> Mar 31 20:04:18 random kernel: audit(1143831757.360:451): avc: denied { search } for pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
>> Mar 31 20:04:18 random kernel: EXT3 FS on hde3, internal journal
>> Mar 31 20:04:18 random kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
>> Mar 31 20:04:18 random kernel: kjournald starting. Commit interval 5 seconds
>> Mar 31 20:04:18 random kernel: EXT3 FS on hde8, internal journal
>> Mar 31 20:04:18 random kernel: EXT3-fs: mounted filesystem with ordered data mode.
>> Mar 31 20:04:18 random kernel: SELinux: initialized (dev hde8, type ext3), uses xattr
>>
>> # df
>> Filesystem 1K-blocks Used Available Use% Mounted on
>> /dev/hde3 972564 353452 568912 39% /
>> /dev/hde8 972532 290180 632152 32% /var
>> # ls -Zd /var
>> drwxr-xr-x root root system_u:object_r:var_t /var
>> # ls -id /var
>> 2 /var
>>
>> Ron
>>
>What happens when you
>
>restorecon -R -v /var
>
Nothing much.
# ls -Zd /var
drwxr-xr-x root root system_u:object_r:var_t /var
# restorecon -R -v /var
restorecon reset /var/log/Xorg.0.log context system_u:object_r:var_log_t->system_u:object_r:xserver_log_t
restorecon reset /var/log/xen-hotplug.log context system_u:object_r:var_log_t->system_u:object_r:xend_var_log_t
restorecon reset /var/log/Xorg.0.log.old context system_u:object_r:var_log_t->system_u:object_r:xserver_log_t
lstat(/var/lib/nfs/rpc_pipefs) failed: Permission denied
restorecon reset /var/run/sendmail.pid context system_u:object_r:var_run_t->system_u:object_r:sendmail_var_run_t
# ls -Zd /var
drwxr-xr-x root root system_u:object_r:var_t /var
And rebooting still results in 450 messages like:
Apr 3 20:25:04 random kernel: audit(1144092277.317:451): avc: denied { search } for pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
I've tried booting with the FC5 rescue CD. This shows that the /var
mount point on hde3 still has the wrong context:
sh-3.1# ls -id var
62785 var
sh-3.1# ls -Zd var
drwxr-xr-x root root system_u:object_r:file_t:s0 var
There doesn't seem to be a copy of restorecon on the rescue CD so I
wasn't able to change the context of the mount point.
Why's pan_console_app trying to access /var before it's been mounted
anyway?
Ron