selinux-policy-targeted-2.3.7-2.fc5 seems to deny pam_console from applying permissions to /dev/em8300*: Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:4): avc: denied { getattr } for pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:device_t:s0 tclass=chr_file Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:5): avc: denied { setattr } for pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:device_t:s0 tclass=chr_file The /dev/em8300* devices, more accurately /dev/em8300-*, /dev/em8300_ma-*, /dev/em8300_mv-* and /dev/em8300_sp-* are for the Hollywood+/DXR3 MPEG decoder cards, see http://dxr3.sourceforge.net/ Even though I guess they're not strictly speaking v4l ones, they're used in very similar situations, so listing them as such would possibly be the easiest way to fix this, see attached patch.
Created attachment 136383 [details] Treat em8300 devices like v4l ones (for pam_console)
Fixed in selinux-policy-2.3.14-3
Seems so, thanks.