On 02/07/10 15:58, Mr Dash Four wrote:
>> What am I doing wrong?!
>
> Using bind mounts instead of symlinks will help.
It did!
I added "/apps/var/log /var/log none bind 0 0" to my fstab file and 2 of
the three alerts are now gone. I am still getting this though:
kernel: type=1400 audit(1278074918.050:4): avc: denied { write } for
pid=1557 comm="login" name="log" dev=sdc ino=16386
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
This happens when I try to log in to the console. Any ideas?
It's probably trying to create a new file in your log directory. Try
logging in with the system in permissive mode so you can see which file
it's trying to create, then create an empty file with the right
ownership and permissions (regular and SELinux) in your log directory
and try again in enforcing mode.
Paul.