[CentOS] Trying to understand SELinux MSG

Thu Sep 8 20:58:31 UTC 2011
Aaron Krohn <akrohn at ewebforce.net>

I'm not a pro or anything, but this bug report gives a bit more info. 
Have you made any changes to the disk lately?

https://bugzilla.redhat.com/show_bug.cgi?id=485921

> find / -context "*:file_t:*"
The above command will show you what file is causing the messages.


On 09/08/2011 04:45 PM, Robert Spangler wrote:
> Hello,
>
> I received the below SELinux message today and I am trying to figure out what
> caused it.  I see what it says under Allow Access but I am not sure this is
> what I really want to do without knowing why it happened in the first place.
>
> What should I be looking at to understand what or why this has happened?
>
> Any help I would be most grateful for.
>
>
>
> Here is the output from SELinux
>
>
> SUMMARY:
> SELinux is preventing access to files with the label, file_t.
>
> Detailed Description:
> SELinux permission checks on files labeled file_t are being denied. file_t is
> the context the SELinux kernel gives to files that do not have a label. This
> indicates a serious labeling problem. No files on an SELinux box should ever
> be labeled file_t. If you have just added a new disk drive to the system you
> can relabel it using the restorecon command. Otherwise you should relabel the
> entire files system.
>
> Allowing Access:
> You can execute the following command as root to relabel your computer
> system: "touch /.autorelabel; reboot"
>
> Additional Information:
> Source Context:		user_u:system_r:pam_console_t
> Target Context:		system_u:object_r:file_t
> Target Objects:		/ [ dir ]
> Source:			pam_console_appSource
> Path:			/sbin/pam_console_apply
> Port:			<Unknown>
> Host:			host1.mycompany.com
> Source RPM Packages:	pam-0.99.6.2-6.el5_5.2
> Target RPM Packages:	filesystem-2.4.0-3.el5.centos
> Policy RPM:		selinux-policy-2.4.6-316.el5
> Selinux Enabled:	True
> Policy Type:		targeted
> MLS Enabled:		True
> Enforcing Mode:		Enforcing
> Plugin Name:		file
> Host Name:		host1.mycompany.com
> Platform:		Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15
> 07:31:24 EDT 2011 x86_64 x86_64
> Alert Count:		77
> First Seen:		Thu 08 Sep 2011 02:04:40 PM EDT
> Last Seen:		Thu 08 Sep 2011 02:04:45 PM EDT
> Local ID:		39ba9c3c-5ac0-4b91-aab1-8d871c20162c
> Line Numbers:  
>
> Raw Audit Messages :
> host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied
> { read } for pid=690 comm="pam_console_app" name="/" dev=md4 ino=2
> scontext=user_u:system_r:pam_console_t:s0
> tcontext=system_u:object_r:file_t:s0 tclass=dir
>
> host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929):
> arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0
> a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app"
> exe="/sbin/pam_console_apply" subj=user_u:system_r:pam_console_t:s0
> key=(null)
>
>
>


-- 
Aaron Krohn
Web Force Systems

Business Office:
131 Dillmont Drive, Suite 201
Columbus, OH 43235
Direct:  614-384-0019    Fax:  614-785-0871
Tech Support / Help Desk Direct:  614-384-0020