Description of problem: chsh fails (as regular user or as root) due to SELinux policy. Version-Release number of selected component (if applicable): policy-1.9-11 util-linux-2.12-14 How reproducible: 100% Steps to Reproduce: 1. Log in as user, or as root 2. chsh username 3. Try changing shell to e.g. /bin/tcsh Actual results: [root@q root]# chsh cra Changing shell for cra. New shell [/bin/bash]: /bin/tcsh setpwnam: Permission denied Shell *NOT* changed. Try again later. [root@q root]# Expected results: shell should be changed. Additional info: Fresh install of FC 1.91 200403230535. AVC messages: audit(1080193991.075:0): avc: denied { setrlimit } for pid=30420 exe=/usr/bin/chsh scontext=user_u:user_r:chfn_t tcontext=user_u:user_r:chfn_t tclass=process audit(1080193991.075:0): avc: denied { create } for pid=30420 exe=/usr/bin/chsh name=ptmptmp scontext=user_u:user_r:chfn_t tcontext=system_u:object_r:etc_t tclass=file audit(1080194006.776:0): avc: denied { setrlimit } for pid=30425 exe=/usr/bin/chsh scontext=root:sysadm_r:chfn_t tcontext=root:sysadm_r:chfn_t tclass=process audit(1080194006.776:0): avc: denied { create } for pid=30425 exe=/usr/bin/chsh name=ptmptmp scontext=root:sysadm_r:chfn_t tcontext=system_u:object_r:etc_t tclass=file audit(1080194129.536:0): avc: denied { setrlimit } for pid=30456 exe=/usr/bin/chsh scontext=root:sysadm_r:chfn_t tcontext=root:sysadm_r:chfn_t tclass=process audit(1080194129.537:0): avc: denied { create } for pid=30456 exe=/usr/bin/chsh name=ptmptmp scontext=root:sysadm_r:chfn_t tcontext=system_u:object_r:etc_t tclass=file
Could you try this with a later policy. policy-1.9-15. The create should not fail, and I would like to know if it fails. Dan