CentOS - Sep 2011 - Trying to understand SELinux MSG

Hello,

I received the below SELinux message today and I am trying to figure out what 
caused it.  I see what it says under Allow Access but I am not sure this is 
what I really want to do without know why it happened in the first place.

What should I be looking at to understand what or why this has happened?

Any help I would be most grateful for.



Here is the output form SELinux


SUMMARY:
SELinux is preventing access to files with the label, file_t.

Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is 
the context the SELinux kernel gives to files that do not have a label. This 
indicates a serious labeling problem. No files on an SELinux box should ever 
be labeled file_t. If you have just added a new disk drive to the system you 
can relabel it using the restorecon command. Otherwise you should relabel the 
entire files system. 

Allowing Access:
You can execute the following command as root to relabel your computer 
system: "touch /.autorelabel; reboot" 

Additional Information:
Source Context:		user_u:system_r:pam_console_t
Target Context:		system_u:object_r:file_t
Target Objects:		/ [ dir ]
Source:			pam_console_appSource 
Path:			/sbin/pam_console_apply
Port:			<Unknown>
Host:			host1.mycompany.com
Source RPM Packages:	pam-0.99.6.2-6.el5_5.2
Target RPM Packages:	filesystem-2.4.0-3.el5.centos
Policy RPM:		selinux-policy-2.4.6-316.el5
Selinux Enabled:	True
Policy Type:		targeted
MLS Enabled:		True
Enforcing Mode:		Enforcing
Plugin Name:		file
Host Name:		host1.mycompany.com
Platform:		Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 
07:31:24 EDT 2011 x86_64 x86_64
Alert Count:		77
First Seen:		Thu 08 Sep 2011 02:04:40 PM EDT
Last Seen:		Thu 08 Sep 2011 02:04:45 PM EDT
Local ID:		39ba9c3c-5ac0-4b91-aab1-8d871c20162c
Line Numbers:??

Raw Audit Messages :
host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied 
{ read } for pid=690 comm="pam_console_app" name="/" dev=md4
ino=2
scontext=user_u:system_r:pam_console_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=dir 

host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929): 
arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0 
a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app" 
exe="/sbin/pam_console_apply" subj=user_u:system_r:pam_console_t:s0 
key=(null)
 


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/

I'm not a pro or anything, but this bug report gives a bit more info. 
Have you made any changes to the disk lately?

https://bugzilla.redhat.com/show_bug.cgi?id=485921
> find / -context "*:file_t:*"
The above command will show you what file is causing the messages.


On 09/08/2011 04:45 PM, Robert Spangler wrote:
> Hello,
>
> I received the below SELinux message today and I am trying to figure out
what
> caused it.  I see what it says under Allow Access but I am not sure this is
> what I really want to do without know why it happened in the first place.
>
> What should I be looking at to understand what or why this has happened?
>
> Any help I would be most grateful for.
>
>
>
> Here is the output form SELinux
>
>
> SUMMARY:
> SELinux is preventing access to files with the label, file_t.
>
> Detailed Description:
> SELinux permission checks on files labeled file_t are being denied. file_t
is
> the context the SELinux kernel gives to files that do not have a label.
This
> indicates a serious labeling problem. No files on an SELinux box should
ever
> be labeled file_t. If you have just added a new disk drive to the system
you
> can relabel it using the restorecon command. Otherwise you should relabel
the
> entire files system.
>
> Allowing Access:
> You can execute the following command as root to relabel your computer
> system: "touch /.autorelabel; reboot"
>
> Additional Information:
> Source Context:		user_u:system_r:pam_console_t
> Target Context:		system_u:object_r:file_t
> Target Objects:		/ [ dir ]
> Source:			pam_console_appSource
> Path:			/sbin/pam_console_apply
> Port:			<Unknown>
> Host:			host1.mycompany.com
> Source RPM Packages:	pam-0.99.6.2-6.el5_5.2
> Target RPM Packages:	filesystem-2.4.0-3.el5.centos
> Policy RPM:		selinux-policy-2.4.6-316.el5
> Selinux Enabled:	True
> Policy Type:		targeted
> MLS Enabled:		True
> Enforcing Mode:		Enforcing
> Plugin Name:		file
> Host Name:		host1.mycompany.com
> Platform:		Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15
> 07:31:24 EDT 2011 x86_64 x86_64
> Alert Count:		77
> First Seen:		Thu 08 Sep 2011 02:04:40 PM EDT
> Last Seen:		Thu 08 Sep 2011 02:04:45 PM EDT
> Local ID:		39ba9c3c-5ac0-4b91-aab1-8d871c20162c
> Line Numbers:  
>
> Raw Audit Messages :
> host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc:
denied
> { read } for pid=690 comm="pam_console_app" name="/"
dev=md4 ino=2
> scontext=user_u:system_r:pam_console_t:s0
> tcontext=system_u:object_r:file_t:s0 tclass=dir
>
> host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929):
> arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0
> a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
comm="pam_console_app"
> exe="/sbin/pam_console_apply"
subj=user_u:system_r:pam_console_t:s0
> key=(null)
>
>
>

-- 
Aaron Krohn
Web Force Systems

Business Office:
131 Dillmont Drive, Suite 201
Columbus, OH 43235
Direct:  614-384-0019    Fax:  614-785-0871
Tech Support / Help Desk Direct:  614-384-0020