Audit Log Messages "denied"
 

I have installed a second HD on my HP Pavilion and then put Fedora Core 1 (later 2) on the new HD to temporarily live with Win XP on the original HD.

That was about three months ago and between my day job, vacation, and family duties I am now getting close to the time where I can take the original HP HD out of the machine, repartition and format it and then start the process over again on my daughter's machine.

But, for several days now, I have been noticing messages like this in my boot messages,

audit(1096789074.273:0): avc: denied { transition } for pid=3136 exe=/bin/su path=/usr/X11R6/bin/xauth dev=hdb3 ino=1064988 scontext=user_u:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process

This is just an example, I am seeing many such messages referencing many inodes (I think, more on that later), and many different executables.

My interpretation of the message above so far is that the executable /bin/su was running as process 3136 and was attempting to do something involving /usr/X11R6/bin/xauth (which I know is inode 1064988 from using ls -i) and that the ability to do this has been denied, and logged by the audit facility.

But, I still do not understand what Linux is trying to tell me.

First, question, does anyone have any idea what my fine OS is trying to tell me?

Second, question, what man/info pages should I be reading to learn what is needed?

My main concern, of course, is to insure myself that the root partition (i.e., hdb3, you might have guessed), is okay and is going to stay that way for the foreseeable future. My second, almost as great concern is to learn what my ignorance has so-far kept me from learning, how serious the root cause is and how big of a problem it is. Of course, ultimately, I would like to fix that root cause and stop the messages from occurring.

Thank you for any and all help.

Third question, what did I not tell you that I should have?

Thanks again,