From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
When adding a user to a group with gpasswd, various errors are reported with regards to accessing the utmp file, as well as syscalls.

utmp:
Apr 6 02:59:37 asok kernel: audit(1081213177.729:0): avc: denied { read write } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Apr 6 02:59:37 asok kernel: audit(1081213177.730:0): avc: denied { read } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Apr 6 02:59:37 asok kernel: audit(1081213177.731:0): avc: denied { read write } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Apr 6 02:59:37 asok kernel: audit(1081213177.731:0): avc: denied { read } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file

syscalls:
Apr 6 02:59:37 asok kernel: audit(1081213177.733:0): avc: denied { setuid } for pid=3300 exe=/usr/bin/gpasswd capability=7 scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=capability
Apr 6 02:59:37 asok kernel: audit(1081213177.734:0): avc: denied { setrlimit } for pid=3300 exe=/usr/bin/gpasswd scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=process
Apr 6 02:59:37 asok kernel: audit(1081213177.734:0): avc: denied { sys_resource } for pid=3300 exe=/usr/bin/gpasswd capability=24 scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=capability

Version-Release number of selected component (if applicable):
policy-1.9.2-9
shadow-utils-4.0.3-21

How reproducible:
Always

Steps to Reproduce:
1. gpasswd -a user group
2. look at /var/log/messages

Actual Results: gpasswd reports various SELinux errors

Expected Results: gpasswd should be able to add a user to a group without errors

Additional info:

Updated in policy-1.9.2-13
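
An added example, not part of the original report or of the policy package: a small Python parser that reduces the AVC denials quoted in the report to one entry per (source type, target type, object class), which is the view needed to see what the groupadd_t domain was refused. The function names are hypothetical, and the sample input is five of the records copied from the report.

```python
import re
from collections import defaultdict

# Five distinct denial records copied from the report above.
SAMPLE_LOG = """\
Apr 6 02:59:37 asok kernel: audit(1081213177.729:0): avc: denied { read write } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Apr 6 02:59:37 asok kernel: audit(1081213177.730:0): avc: denied { read } for pid=3300 exe=/usr/bin/gpasswd name=utmp dev=hda5 ino=81925 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Apr 6 02:59:37 asok kernel: audit(1081213177.733:0): avc: denied { setuid } for pid=3300 exe=/usr/bin/gpasswd capability=7 scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=capability
Apr 6 02:59:37 asok kernel: audit(1081213177.734:0): avc: denied { setrlimit } for pid=3300 exe=/usr/bin/gpasswd scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=process
Apr 6 02:59:37 asok kernel: audit(1081213177.734:0): avc: denied { sys_resource } for pid=3300 exe=/usr/bin/gpasswd capability=24 scontext=root:sysadm_r:groupadd_t tcontext=root:sysadm_r:groupadd_t tclass=capability
"""

# Permissions sit between the braces; everything after "for" is key=value pairs.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not a complete one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: do not guess the missing context
    src = fields["scontext"].split(":")
    tgt = fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None  # context is not in user:role:type form
    return {"perms": set(m.group("perms").split()), "exe": fields.get("exe"),
            "source_type": src[2], "target_type": tgt[2], "tclass": fields["tclass"]}

def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            groups[key] |= rec["perms"]
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```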