Robin Bowes wrote:
Hi,
I'm seeing a whole raft of these msgs at boot:
audit(1162812576.696:158): avc: denied { search } for pid=523
comm="pam_console_app" name="var" dev=dm-0 ino=229377
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit2allow suggests this to fix:
allow pam_console_t file_t:dir search;
My question:
Is this the right fix? Or is there some chcon magic I can do?
R.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You have a separate /var partition, and the /var directory that resides
under the mounted /var is labeled incorrectly. This is a problem with
the installer that does not label it correctly. Not sure why
pam_console is reporting these.
1. You can boot single user mode without /var mounted and restorecon /var
2. Add a loadable module with the line in it
files_dontaudit_search_isid_type_dirs(pam_console_t)
3. Wait for the next policy update to get that line.
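The reply's diagnosis rests on the target type in the denial: file_t marks a directory that was never labeled, so the remedy is a relabel rather than an allow rule. The following is an added example, not code from this thread or from audit2allow, that sorts AVC denials on that basis. The second log line, the names parse_avc and triage, and the inclusion of unlabeled_t are assumptions made for illustration.

```python
import re

# Constructed sample: the denial quoted in the thread (joined onto one line)
# plus one made-up denial against a normally labeled file for contrast.
SAMPLE_LOG = """\
audit(1162812576.696:158): avc: denied { search } for pid=523 comm="pam_console_app" name="var" dev=dm-0 ino=229377 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1162812577.101:160): avc: denied { read } for pid=601 comm="exampled" name="example.conf" dev=dm-0 ino=4242 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Assumption: types that mean "no usable label on disk". file_t is the one in
# the thread; unlabeled_t is added here as the other initial-SID type.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def triage(log_text):
    """Split denials into labeling problems and candidates for policy review."""
    relabel, review = [], []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        (relabel if rec["ttype"] in UNLABELED_TYPES else review).append(rec)
    return relabel, review


if __name__ == "__main__":
    relabel, review = triage(SAMPLE_LOG)
    for r in relabel:
        print(f'{r["stype"]} -> {r["name"]} ({r["ttype"]}): fix the label, not the policy')
    for r in review:
        print(f'{r["stype"]} -> {r["name"]} ({r["ttype"]}): review policy')
```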