Description of problem: received the following avc denials while trying to launch the network login config tool from GUI firstboot ("use network login" button): avc: denied { use } for pid=3192 exe=/usr/sbin/userhelper path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:init_t tclass=fd Version-Release number of selected component (if applicable): policy-1.9-11
Possible dupe of bug #118061?
I don't think so, but I've added a comment to bug# 118061.
I have fixed this problem with policy-1.9-12 But their are probably more. Could you run it in non enforcing mode and see what happens. Then grab the AVC messages.
It turns out that I broke the first rule of SELinux testing: I forgot to verify that "use network login" worked as expected while in permissive mode. It didn't. Anyway, here are all of the denials I get with firstboot: (still using policy-1.9-11) stage 1: firstboot starts X avc: denied { unix_read unix_write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm avc: denied { read write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm avc: denied { getattr associate } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm stage2: clicking "use network login" avc: denied { use } for pid=16616 exe=/usr/sbin/userhelper path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:init_t tclass=fd avc: denied { sys_tty_config } for pid=16616 exe=/usr/sbin/userhelper capability=26 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:userhelper_t tclass=capability stage 3: adding a user avc: denied { use } for pid=16618 exe=/usr/sbin/useradd path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:useradd_t tcontext=system_u:system_r:init_t tclass=fd avc: denied { write } for pid=16619 exe=/usr/bin/chfn name=fscreate dev= ino=1089142806 scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=file
opened bug# 119008 for tracking related (non-SELinux) issue.
*** Bug 119008 has been marked as a duplicate of this bug. ***
Issue w/ launching config tool appears to be SELinux-related afterall: Could not set exec context to system_u:sysadm_r:sysadm_t
Put lots of fixed in policy-1-9-15 that might fix this. Dan
Closing. Reopen if you still see it.