Any idea what causes this message?
Jan 5 03:19:30 www kernel: audit(1199531970.371:42): avc: denied { append } for pid=29639 comm="sshd" name="btmp" dev=dm-0 ino=2130022 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file

I get these once in a while. Can anybody tell what causes them from this? F8 i386.

Thanks,

--
Knute Johnson
Molon Labe...

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Any idea what causes this message?
It's a mislabeled file. /var/log/btmp should be labeled faillog_t

restorecon -R -v /var/log

to fix up everything in /var/log. btmp is used whenever there is a login failure (I think only failure...)

not sure how it got mislabeled (what is supposed to create it, anyone know? do you remember at some time untarring a bunch of files in /var/log? or cp'ing in files? somehow it got created without the 'right' label) but it is occasional because people only occasionally screw up logging in and you get the denial because it is mislabeled. Fix the label and you should be good from now on.

-Eric

On Sat, 2008-01-05 at 10:14 -0800, Knute Johnson wrote:
> Jan 5 03:19:30 www kernel: audit(1199531970.371:42): avc: denied {
> append } for pid=29639 comm="sshd" name="btmp" dev=dm-0 ino=2130022
> scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
>
> I get these once in a while. Can anybody tell what causes them from
> this? F8 i386.
>
> Thanks,
>
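An added example, not part of the thread or any poster's code: a small Python parser for AVC denial lines that flags a file whose target type differs from the type it is expected to carry, which is the check Eric's reply does by eye. The `EXPECTED_TYPE` table and the second log line are constructed for illustration; only the btmp / faillog_t pairing comes from the thread.

```python
import re

# Constructed sample: line 1 is the denial from the thread, line 2 is made up for contrast.
SAMPLE_LOG = """\
Jan 5 03:19:30 www kernel: audit(1199531970.371:42): avc: denied { append } for pid=29639 comm="sshd" name="btmp" dev=dm-0 ino=2130022 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
Jan 5 03:20:01 www kernel: audit(1199532001.112:43): avc: denied { read } for pid=29700 comm="httpd" name="index.html" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# Assumption: expected type keyed by the name= field (a basename, not a full path).
# Only btmp -> faillog_t is taken from the thread.
EXPECTED_TYPE = {"btmp": "faillog_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the level may itself contain ':'.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":", 3)
        if len(parts) >= 3:
            fields[key[0] + "type"] = parts[2]  # stype / ttype
    return fields

def mislabel_suspects(log_text):
    """List (name, current type, expected type, comm) for files with an unexpected label."""
    suspects = []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc.get("tclass") != "file":
            continue
        want = EXPECTED_TYPE.get(avc.get("name"))
        if want and avc.get("ttype") != want:
            suspects.append((avc["name"], avc["ttype"], want, avc["comm"]))
    return suspects

if __name__ == "__main__":
    for name, have, want, comm in mislabel_suspects(SAMPLE_LOG):
        print(f"{name}: labeled {have}, expected {want} (denied for {comm}); check with restorecon -n -v")
```
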
Any idea what causes this message?
>It's a mislabeled file. /var/log/btmp should be labeled faillog_t
>
>restorecon -R -v /var/log
>
>to fix up everything in /var/log. btmp is used whenever there is a
>login failure (I think only failure...)
>
>not sure how it got mislabeled (what is supposed to create it, anyone
>know? do you remember at some time untarring a bunch of files
>in /var/log? or cp'ing in files? somehow it got created without the
>'right' label) but it is occasional because people only occasionally
>screw up logging in and you get the denial because it is mislabeled.
>Fix the label and you should be good from now on.
>
>-Eric

Thanks, it was mislabeled. I don't know how but it's fixed now.

--
Knute Johnson
Molon Labe...
Any idea what causes this message?
Knute Johnson wrote:
>> It's a mislabeled file. /var/log/btmp should be labeled faillog_t
>>
>> restorecon -R -v /var/log
>>
>> to fix up everything in /var/log. btmp is used whenever there is a
>> login failure (I think only failure...)
>>
>> not sure how it got mislabeled (what is supposed to create it, anyone
>> know? do you remember at some time untarring a bunch of files
>> in /var/log? or cp'ing in files? somehow it got created without the
>> 'right' label) but it is occasional because people only occasionally
>> screw up logging in and you get the denial because it is mislabeled.
>> Fix the label and you should be good from now on.
>>
>> -Eric
>
> Thanks, it was mislabeled. I don't know how but it's fixed now.
>

There is a reported bug on logrotate I believe that is clearing the btmp file but not labeling it correctly.
Any idea what causes this message?
Knute Johnson wrote:
>> It's a mislabeled file. /var/log/btmp should be labeled faillog_t
>>
>> restorecon -R -v /var/log
>>
>> to fix up everything in /var/log. btmp is used whenever there is a
>> login failure (I think only failure...)
>>
>> not sure how it got mislabeled (what is supposed to create it, anyone
>> know? do you remember at some time untarring a bunch of files
>> in /var/log? or cp'ing in files? somehow it got created without the
>> 'right' label) but it is occasional because people only occasionally
>> screw up logging in and you get the denial because it is mislabeled.
>> Fix the label and you should be good from now on.
>>
>> -Eric
>
> Thanks, it was mislabeled. I don't know how but it's fixed now.

It'll be logrotate.

https://bugzilla.redhat.com/show_bug.cgi?id=427274

Paul.
Any idea what causes this message?
On Monday 07 January 2008, Paul Howarth wrote:
>Knute Johnson wrote:
>>> It's a mislabeled file. /var/log/btmp should be labeled faillog_t
>>>
>>> restorecon -R -v /var/log
>>>
>>> to fix up everything in /var/log. btmp is used whenever there is a
>>> login failure (I think only failure...)
>>>
>>> not sure how it got mislabeled (what is supposed to create it, anyone
>>> know? do you remember at some time untarring a bunch of files
>>> in /var/log? or cp'ing in files? somehow it got created without the
>>> 'right' label) but it is occasional because people only occasionally
>>> screw up logging in and you get the denial because it is mislabeled.
>>> Fix the label and you should be good from now on.
>>>
>>> -Eric
>>
>> Thanks, it was mislabeled. I don't know how but it's fixed now.
>
>It'll be logrotate.
>
>https://bugzilla.redhat.com/show_bug.cgi?id=427274
>
>Paul.

Humm, new package soon I hope?

Thanks

--
Cheers, Gene
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
"Seed me, Seymour" -- a random number generator meets the big green mother from outer space