Bug 211779

Summary: AVC denied (write|lock) for comm="mingetty" name="wtmp"
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED WORKSFORME QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: notting
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-09 20:18:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2006-10-22 17:06:36 UTC 
Description of problem:
After rebooting my machine, I found the following AVC denieds:

type=AVC msg=audit(1161535817.537:34): avc:  denied  { write } for  pid=2559 
comm="mingetty" name="wtmp" dev=cciss/c0d0p2 ino=835671 scontext=system_u:
system_r:getty_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1161535817.537:35): avc:  denied  { lock } for  pid=2560 
comm="mingetty" name="wtmp" dev=cciss/c0d0p2 ino=835671 scontext=system_u:
system_r:getty_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.18-10

How reproducible:
Everytime, see above.

Actual results:
AVC denied (write|lock) for comm="mingetty" name="wtmp"

Expected results:
No AVC denied... ;-)
Comment 1 Daniel Walsh 2006-10-23 14:26:39 UTC 
Some how your wtmp file got labeled incorrectly. 


restorecon /var/run/wtmp 

should fix.

Did you run in permissive mode?  Any idea how this got mislabled?
Comment 2 Robert Scheck 2006-10-23 20:13:02 UTC 
Yepp, permissive mode. Ideas? Hm, isn't /var/run/wtmp created during booting 
time? Looks like something is self-eating, because really I didn't touch there 
anything.

/sbin/restorecon reset /var/log/wtmp context user_u:object_r:var_log_t:s0-
>system_u:object_r:wtmp_t:s0
Comment 3 Daniel Walsh 2006-10-25 17:45:16 UTC 
Are you seeing this come back on reboot?
Comment 4 Robert Scheck 2006-10-29 01:42:57 UTC 
Nope...
Comment 5 Daniel Walsh 2006-10-30 14:31:53 UTC 
I have no idea why this is happening.  init scripts and logrotate would be
logical candidates, but bother seem ok.
Comment 6 Daniel Walsh 2006-11-09 20:18:32 UTC 
Closing for now.  Added wtmp to restorecond.