Description of problem: I am newbie to Linux, and after installed other rpms that's require for NDISwrapper, I got "AVC denial" message from SELinux. And it asked me to report the bug. I copied the message I got from SELinux below Version-Release number of selected component (if applicable): Additional info: Summary: SELinux is preventing pam_console_app (pam_console_t) "getattr" access to device /dev/hdc. Detailed Description: SELinux has denied the pam_console_app (pam_console_t) "getattr" access to device /dev/hdc. /dev/hdc is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v '/dev/hdc'. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for /dev/hdc, you can use chcon -t SIMILAR_TYPE '/dev/hdc', If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE '/dev/hdc' If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this application. Allowing Access: Attempt restorecon -v '/dev/hdc' or chcon -t SIMILAR_TYPE '/dev/hdc' Additional Information: Source Context system_u:system_r:pam_console_t:SystemLow- SystemHigh Target Context system_u:object_r:device_t Target Objects /dev/hdc [ blk_file ] Source pam_console_app Source Path /sbin/pam_console_apply Port <Unknown> Host localhost.localdomain Source RPM Packages pam-0.99.6.2-3.27.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-137.1.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name device Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 13:49:24 EDT 2008 i686 i686 Alert Count 46 First Seen Mon 28 Jul 2008 10:54:20 AM PDT Last Seen Mon 28 Jul 2008 10:54:33 AM PDT Local ID 7a2a2a6a-0bba-44fa-9145-6667183aa8fe Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1217267673.429:218): avc: denied { getattr } for pid=1222 comm="pam_console_app" path="/dev/hdc" dev=tmpfs ino=4636 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file host=localhost.localdomain type=SYSCALL msg=audit(1217267673.429:218): arch=40000003 syscall=195 success=no exit=-13 a0=bfb4e1f0 a1=bfb4e21c a2=7c6ff4 a3=4 items=0 ppid=867 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pam_console_app" exe="/sbin/pam_console_apply" subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 key=(null)
/dev/hdc is labeled incorrectly this is probably a bug in raid tools. restorecon -R /dev/hd* Should fix.
Smartmon created the disks with the wrong context.
can you still reproduce this after 5.3 update?
This bug has needinfo state without any reply for almost five months, it will be closed next week.
no reply for more than five months, I'm closing this bug. Feel free to reopen this if you can still reproduce this problem.