>>
>> This happens when I try to log in to the console. Any ideas?
>
> It's probably trying to create a new file in your log directory. Try
> logging in with the system in permissive mode so you can see which
> file it's trying to create, then create an empty file with the right
> ownership and permissions (regular and SELinux) in your log directory
> and try again in enforcing mode.
It worked - /var/log/lastlog was the culprit! This has now been fixed.
A common problem I found is that if a particular file does not exist in
/var/log (standard log directory), and as this directory has the
(standard) var_log_t type, almost any process wishing to write to this
directory fails miserably (notable exceptions to this is mysqld and
shorewall - they have no problems creating the appropriate files if they
do not exist!).
I had the exact same problem with the audit daemon as well (auditd) -
unless I create a directory (say, /var/log/audit) with the proper
permissions (auditd_log_t in this case) it fails to start if audit.log
does not exist. I guess if I want to keep one log directory and limit
the number of subdirectories I have to remember to keep a copy of the
appropriate log files ("touch /var/log/XXX" and then set the permissions
with semanage).
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
