I wrote:
[snip lots of stuff]
>> Mar 31 20:04:18 random kernel: audit(1143831757.360:451):
avc: denied { search } for pid=1384 comm="pam_console_app"
name="var" dev=hde3 ino=62785
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
OK, I booted into single user mode, unmounted /var and ran
chcon -t var_t /var
on the mount point. Now when I boot I don't get 450 messages like the
above.
The underlying problem is that pam_console_apply is trying to access /var
before it's mounted. We just happened to see it because the SELinux
context on the mount point won't allow it.
Ron