Its a mislabeled file. /var/log/btmp should be labeled faillog_t
restorecon -R -v /var/log
to fix up everything in /var/log. btmp is used whenever there is a
login failure (I think only failure...)
not sure how it got mislabeled (what is supposed to create it, anyone
know? do you remember at some time untaring a bunch of files
in /var/log? or cp'ing in files? somehow it got created without the
'right' label) but it is occasional because people only occasionally
screw up logging in and you get the denial because it is mislabeled.
Fix the label and you should be good from now on.
-Eric
On Sat, 2008-01-05 at 10:14 -0800, Knute Johnson wrote:
> Jan 5 03:19:30 www kernel: audit(1199531970.371:42): avc: denied {
> append } for pid=29639 comm="sshd" name="btmp" dev=dm-0 ino=2130022
> scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
>
> I get these once in a while. Can anybody tell what causes them from
> this? F8 i386.
>
> Thanks,
>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
