Bug 204986 - Errors from pam_console
Errors from pam_console
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-01 16:52 EDT by Bill Nottingham
Modified: 2014-03-16 23:01 EDT (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:14:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bill Nottingham 2006-09-01 16:52:26 EDT
Description of problem:

I get lots of:

audit(1157135283.604:30): avc:  denied  { read } for  pid=18194
comm="pam_console_app" name="/" dev=autofs ino=6665
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:autofs_t:s0 tclass=dir

from when pam_console looks for things in /mnt.

Either a) we should tell pam_console not to do that (things are in 
/media these days) or b) we should fix the policy.

Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.3.10-6
pam-0.99.6.2-1.fc6
Comment 1 Tomas Mraz 2006-09-04 02:43:59 EDT
a) is the right thing to do if we don't care much about upgrades from older FCs
where someone can have their customized mounts in /mnt which he expects to be
owned by console user.

But I'd say that policy should allow pam_console_apply to read and change things
in /mnt anyway.
Comment 2 Daniel Walsh 2006-09-18 15:18:44 EDT
Fixed in selinux-policy-2.3.14-4
Comment 3 Daniel Walsh 2007-08-22 10:14:50 EDT
Should be fixed in the current release

Note You need to log in before you can comment on or make changes to this bug.