I feel left out :-).

Jim Cornette fc-cornette at insight.rr.com
Sun Jul 22 13:49:50 UTC 2007 

Tim wrote:
> On Sun, 2007-07-22 at 00:13 -0400, Tom Horsley wrote:
>> Updated my system with new kernel, and nothing horrible
>> has happened. Everything seems to work perfectly :-).
> 
> I'm tempted to say "me too," but I'm not sure.  Things appear fine
> (graphics, sound, network, etc.), though the first time I plugged a USB
> flashdrive I got a SELinux alert, but I wasn't prevented from doing
> anything.  I don't know if it was co-incidental, directly related to
> plugging in the drive, or even important, but the message wasn't
> repeated after dismounting, unplugging, waiting quite some time, and
> replugging the drive in.  Removable drive options were set to
> auto-mount and auto-browse newly connected devices, at the time.
> 
> This is what I saw in the report, below, perhaps someone can illuminate
> the situation.  I'm curious what the local ID is based on.
> 
> ------------------------ start copy of report ------------------------
> 
> Summary:
> SELinux is preventing /sbin/pam_console_apply (pam_console_t) "read" to / (boot_t).
> 
> Detailed Description:
> SELinux denied access requested by /sbin/pam_console_apply. It is not
> expected that this access is required by /sbin/pam_console_apply and
> this access may signal an intrusion attempt. It is also possible that
> the specific version or configuration of the application is causing it
> to require additional access.
> 
> Allowing Access:
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for /, restorecon -v / If this
> does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access -
> see FAQ Or you can disable SELinux protection altogether. Disabling
> SELinux protection is not recommended. Please file a bug report against
> this package.
> 
> Additional Information
>        Source Context:  system_u:system_r:pam_console_t:SystemLow-SystemHigh
>        Target Context:  system_u:object_r:boot_t
>        Target Objects:  / [ dir ]

Do you think that this error somehow is related to the USB device not 
getting mounted as /media/label and instead mounted as / ?

It is probably difficult to understand what I am asking. I just wonder 
if the USB device being plugged in is being disruptive in userspace or 
kernel elements and is being mounted in an attempt anyway as the main 
directory vs a /media/whatever device.

Jim

-- 
Ferguson's Precept:
	A crisis is when you can't say "let's forget the whole thing."

More information about the fedora-list mailing list