Summary: SELinux is preventing login (local_login_t) "read write" var_log_t. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by login. It is not expected that this access is required by login and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:local_login_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_log_t:s0 Target Objects lastlog [ file ] Source login Source Path /bin/login Port <Unknown> Host (removed) Source RPM Packages util-linux-ng-2.14.2-7.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.10-4.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.29-16.fc11.i586 #1 SMP Fri Mar 27 21:07:59 EDT 2009 i686 i686 Alert Count 8 First Seen Tue 31 Mar 2009 10:24:00 AM JST Last Seen Wed 01 Apr 2009 10:47:51 AM JST Local ID cb6ebbfa-909b-47b2-a188-d2b5983994b2 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1238550471.815:20): avc: denied { read write } for pid=2181 comm="login" name="lastlog" dev=dm-0 ino=50889174 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file node=(removed) type=AVC msg=audit(1238550471.815:20): avc: denied { open } for pid=2181 comm="login" name="lastlog" dev=dm-0 ino=50889174 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1238550471.815:20): arch=40000003 syscall=5 success=yes exit=5 a0=804c670 a1=8042 a2=0 a3=9db8680 items=0 ppid=1 pid=2181 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=1 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,login,local_login_t,var_log_t,file,read,write audit2allow suggests: #============= local_login_t ============== #!!!! The source type 'local_login_t' can write to a 'file' of the following types: # xdm_tmp_t, faillog_t, lastlog_t, initrc_var_run_t, pam_var_run_t, local_login_lock_t, pcscd_var_run_t, pam_var_console_t, local_login_tmp_t, wtmp_t, var_auth_t, security_t, auth_cache_t, proc_afs_t, krb5_host_rcache_t, security_t, security_t, security_t, user_home_t allow local_login_t var_log_t:file { read write open };
*** This bug has been marked as a duplicate of bug 589402 ***