+++ This bug was initially created as a clone of Bug #152247 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I keep noticing the following warning message in /var/log/messages

    Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not relabeling.Operation not permitted

Sometimes the message has a different number, e.g. /dev/pts/2, /dev/pts/0. I think it is being caused by running a "fixfiles relabel" when "su -" as root at a terminal.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.90

++++ End of original report

I got the same messages by switching from root to a system account (for testing file access) on RHEL4 (at least on 3 systems):

    # su -s /bin/sh - ldap
    Apr 13 13:12:08 host su(pam_unix)[32414]: session opened for user ldap by peter(uid=0)
    Apr 13 13:12:08 host su[32414]: Warning! Could not relabel /dev/pts/3 with user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
    Apr 13 13:12:14 host su(pam_unix)[32414]: session closed for user ldap

    # su -s /bin/sh - named
    Apr 13 13:12:17 host su(pam_unix)[32419]: session opened for user named by peter(uid=0)
    Apr 13 13:12:17 host su[32419]: Warning! Could not relabel /dev/pts/3 with user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
    Apr 13 13:12:21 host su(pam_unix)[32419]: session closed for user named

selinux-policy-targeted-1.17.30-2.128
This bug occurs because setfsuid() is called to set the file-system UID to the UID of the target user before the selinux PAM module is called to do the SE Linux stuff. Probably if there was code such as:

    setfsuid(0);
    status=setfilecon(ptr,newdev_context);
    setfsuid(user_uid);

Then it would work.

This appears to have been fixed in rawhide by other changes to either coreutils or pam. As this is a cosmetic error (doesn't prevent the system from operating correctly) I don't think it's worth an errata for pam. But I'll let the pam maintainers make the decision on that.
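The setfsuid(0) / setfilecon() / setfsuid(user_uid) bracket suggested in the comment above, written out as an added C example (not code from this bug report, pam or coreutils) that also checks each switch, because setfsuid() itself reports no errors. The names with_fsuid, switch_fsuid, current_fsuid and record_fsuid are hypothetical, and record_fsuid is a stand-in for the setfilecon(ptr, newdev_context) call so the example builds without libselinux.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid() returns the previous fsuid and never signals failure.
 * Passing -1 is never accepted, so it only reads the current value. */
static uid_t current_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }

/* Switch the fsuid and confirm the kernel accepted it: 0, or -1 with EPERM. */
static int switch_fsuid(uid_t uid)
{
    setfsuid(uid);
    if (current_fsuid() != uid) { errno = EPERM; return -1; }
    return 0;
}

/* Run op(arg) with fsuid == tmp_uid, then put the caller's fsuid back. */
int with_fsuid(uid_t tmp_uid, int (*op)(void *), void *arg)
{
    uid_t saved = current_fsuid();
    if (switch_fsuid(tmp_uid) != 0)
        return -1;                 /* op is not attempted with the wrong identity */
    int status = op(arg);
    int saved_errno = errno;
    if (switch_fsuid(saved) != 0)
        _exit(1);                  /* never continue with an unexpected fsuid */
    errno = saved_errno;           /* report op's errno, not the restore's */
    return status;
}

/* Stand-in for setfilecon(ptr, newdev_context): records the fsuid in effect. */
static int record_fsuid(void *out) { *(uid_t *)out = current_fsuid(); return 0; }

int main(void)
{
    uid_t seen = (uid_t)-1;
    /* In the su case above, tmp_uid would be 0 and the caller's fsuid user_uid. */
    int rc = with_fsuid(0, record_fsuid, &seen);
    if (rc != 0)
        perror("with_fsuid(0)");   /* expected when not started as root */
    else
        printf("op ran with fsuid %u\n", (unsigned)seen);
    printf("fsuid afterwards: %u\n", (unsigned)current_fsuid());
    return 0;
}
```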
Could you use runuser instead of su?
runuser didn't cause such a message and would work for me also.
Closing as "NOTABUG" would not really match the real reason, I think... A retest after the upgrade to RHEL4 U4 shows me that the problem is gone now, so the reason is rather some updates since the reporting date.