Bug 204986
| Summary: | Errors from pam_console | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | rvokal, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-08-22 14:14:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
a) is the right thing to do if we don't care much about upgrades from older FCs where someone can have their customized mounts in /mnt which he expects to be owned by console user. But I'd say that policy should allow pam_console_apply to read and change things in /mnt anyway. Fixed in selinux-policy-2.3.14-4 Should be fixed in the current release |
Description of problem: I get lots of: audit(1157135283.604:30): avc: denied { read } for pid=18194 comm="pam_console_app" name="/" dev=autofs ino=6665 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:autofs_t:s0 tclass=dir from when pam_console looks for things in /mnt. Either a) we should tell pam_console not to do that (things are in /media these days) or b) we should fix the policy. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.3.10-6 pam-0.99.6.2-1.fc6