I'm not a pro or anything, but this bug report gives a bit more info. Have you made any changes to the disk lately? https://bugzilla.redhat.com/show_bug.cgi?id=485921 > find / -context "*:file_t:*" The above command will show you what file is causing the messages. On 09/08/2011 04:45 PM, Robert Spangler wrote: > Hello, > > I received the below SELinux message today and I am trying to figure out what > caused it. I see what it says under Allow Access but I am not sure this is > what I really want to do without know why it happened in the first place. > > What should I be looking at to understand what or why this has happened? > > Any help I would be most grateful for. > > > > Here is the output form SELinux > > > SUMMARY: > SELinux is preventing access to files with the label, file_t. > > Detailed Description: > SELinux permission checks on files labeled file_t are being denied. file_t is > the context the SELinux kernel gives to files that do not have a label. This > indicates a serious labeling problem. No files on an SELinux box should ever > be labeled file_t. If you have just added a new disk drive to the system you > can relabel it using the restorecon command. Otherwise you should relabel the > entire files system. > > Allowing Access: > You can execute the following command as root to relabel your computer > system: "touch /.autorelabel; reboot" > > Additional Information: > Source Context: user_u:system_r:pam_console_t > Target Context: system_u:object_r:file_t > Target Objects: / [ dir ] > Source: pam_console_appSource > Path: /sbin/pam_console_apply > Port: <Unknown> > Host: host1.mycompany.com > Source RPM Packages: pam-0.99.6.2-6.el5_5.2 > Target RPM Packages: filesystem-2.4.0-3.el5.centos > Policy RPM: selinux-policy-2.4.6-316.el5 > Selinux Enabled: True > Policy Type: targeted > MLS Enabled: True > Enforcing Mode: Enforcing > Plugin Name: file > Host Name: host1.mycompany.com > Platform: Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 > 07:31:24 EDT 2011 x86_64 x86_64 > Alert Count: 77 > First Seen: Thu 08 Sep 2011 02:04:40 PM EDT > Last Seen: Thu 08 Sep 2011 02:04:45 PM EDT > Local ID: 39ba9c3c-5ac0-4b91-aab1-8d871c20162c > Line Numbers: > > Raw Audit Messages : > host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied > { read } for pid=690 comm="pam_console_app" name="/" dev=md4 ino=2 > scontext=user_u:system_r:pam_console_t:s0 > tcontext=system_u:object_r:file_t:s0 tclass=dir > > host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929): > arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0 > a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0 > fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app" > exe="/sbin/pam_console_apply" subj=user_u:system_r:pam_console_t:s0 > key=(null) > > > -- Aaron Krohn Web Force Systems Business Office: 131 Dillmont Drive, Suite 201 Columbus, OH 43235 Direct: 614-384-0019 Fax: 614-785-0871 Tech Support / Help Desk Direct: 614-384-0020