Hi,
Not sure if it's a bug or a "feature"
RHEL6.3
selinux-policy-targeted-3.7.19-155.el6_3.noarch
was getting bunch of these:
----
time->Tue Jul 31 11:22:21 2012
type=SYSCALL msg=audit(1343733741.446:154): arch=c000003e syscall=2 success=no exit=-13
a0=7f740329e7d0 a1=800 a2=1 a3=24 items=0 ppid=946 pid=1291 auid=4294967295 uid=0 gid=0
euid=1001 suid=0 fsuid=1001 egid=513 sgid=0 fsgid=513 tty=(none) ses=4294967295
comm="sshd" exe="/usr/sbin/sshd"
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1343733741.446:154): avc: denied { read } for pid=1291
comm="sshd" name="authorized_keys" dev=xvdb ino=3368578
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file
authorized_keys file didn't even exist for root user, it is not allowed to login
remotely.
Silenced it down by creating empty authorized_keys file with ssh_home_t context.
Cheers,
Vadym