Hello,
I received the below SELinux message today and I am trying to figure out what caused it. I see what it says under Allow Access but I am not sure this is what I really want to do without know why it happened in the first place.
What should I be looking at to understand what or why this has happened?
Any help I would be most grateful for.
Here is the output form SELinux
SUMMARY: SELinux is preventing access to files with the label, file_t.
Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire files system.
Allowing Access: You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"
Additional Information: Source Context: user_u:system_r:pam_console_t Target Context: system_u:object_r:file_t Target Objects: / [ dir ] Source: pam_console_appSource Path: /sbin/pam_console_apply Port: <Unknown> Host: host1.mycompany.com Source RPM Packages: pam-0.99.6.2-6.el5_5.2 Target RPM Packages: filesystem-2.4.0-3.el5.centos Policy RPM: selinux-policy-2.4.6-316.el5 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: file Host Name: host1.mycompany.com Platform: Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 Alert Count: 77 First Seen: Thu 08 Sep 2011 02:04:40 PM EDT Last Seen: Thu 08 Sep 2011 02:04:45 PM EDT Local ID: 39ba9c3c-5ac0-4b91-aab1-8d871c20162c Line Numbers:
Raw Audit Messages : host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied { read } for pid=690 comm="pam_console_app" name="/" dev=md4 ino=2 scontext=user_u:system_r:pam_console_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929): arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0 a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app" exe="/sbin/pam_console_apply" subj=user_u:system_r:pam_console_t:s0 key=(null)