From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Epiphany/1.6.1

Description of problem:
Whenever I try to change my user's password I get the following from passwd:

Changing password for user dnielsen.
Retype new UNIX password:
passwd: Authentication token manipulation error

Version-Release number of selected component (if applicable):
passwd-0.69-2

How reproducible:
Always

Steps to Reproduce:
1. passwd

Actual Results:
passwd: Authentication token manipulation error

Expected Results:
correctly altered password

Additional info:
SELinux Targeted policy is enabled, and the box has been upgraded from a fresh FC4t1 install.

Have you tried relabelling the filesystem? What messages do you see in the logs?

Since you didn't specify which log you wanted, I guess /var/log/audit.log, here's the tail:

type=DAEMON msg=auditd(1112457720) auditd normal halt, pid=2071, uid=0
type=DAEMON msg=auditd(1112461710) auditd start, ver=0.6.9, format=raw, pid=2096, uid=0
type=KERNEL msg=audit(1112461710.629:0): audit_enabled=1 old=0
type=KERNEL msg=audit(1112461711.478:3156): item=0 name=/etc/passwd inode=1801671 dev=03:04 mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1112461711.478:3156): syscall=5 exit=-13 a0=f04c84 a1=0 a2=1b6 a3=86f7228 items=1 pid=2123 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1112461711.478:3156): avc: denied { read } for pid=2123 exe=/usr/sbin/rpc.idmapd name=passwd dev=hda4 ino=1801671 scontext=user_u:system_r:rpcd_t tcontext=system_u:object_r:file_t tclass=file
type=KERNEL msg=audit(1112461722.470:18629): item=0 name=/etc/passwd inode=1801671 dev=03:04 mode=0100644 uid=0 gid=0 rdev=00:00
type=KERNEL msg=audit(1112461722.470:18629): syscall=5 exit=-13 a0=974c84 a1=0 a2=1b6 a3=84d5180 items=1 pid=2245 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
type=KERNEL msg=audit(1112461722.470:18629): avc: denied { read } for pid=2245 exe=/usr/sbin/ntpd name=passwd dev=hda4 ino=1801671 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=file
type=DAEMON msg=auditd(1112463126) auditd normal halt, pid=2096, uid=0

As for relabelling, I searched Google for how to do that, and came up empty-handed since all the guides were written for FC1 and SELinux changed since then - so I'll need some pointers.

Is this log from the time when passwd was executed? If so, then there is nothing in the audit.log which was generated by the passwd binary. Could you attach the relevant portions of /var/log/messages and /var/log/secure? Relabelling is done by restorecon. See man restorecon.
Could you also try to upgrade selinux-policy-targeted to version 1.23.12-1 and verify that you have the latest version of pam and audit-libs?
Relabelling the entire shebang did the trick.
OK, fine.
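
Added example (not part of the original report and not written by any commenter): a small parser that scans audit records for AVC denials whose target context carries the type file_t, as both denials on /etc/passwd in the excerpt above do, and groups them by file so the objects needing a relabel stand out. The sample input is the two AVC lines quoted in this thread; the function names and the inclusion of unlabeled_t alongside file_t are choices made for this example.

```python
import re

# The two AVC records from the audit.log excerpt quoted earlier in this thread.
SAMPLE_LOG = """\
type=KERNEL msg=audit(1112461711.478:3156): avc: denied { read } for pid=2123 exe=/usr/sbin/rpc.idmapd name=passwd dev=hda4 ino=1801671 scontext=user_u:system_r:rpcd_t tcontext=system_u:object_r:file_t tclass=file
type=KERNEL msg=audit(1112461722.470:18629): avc: denied { read } for pid=2245 exe=/usr/sbin/ntpd name=passwd dev=hda4 ino=1801671 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

# Target types treated here as "object has no usable label".
# file_t is the one seen in this thread; unlabeled_t is an assumption of this example.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}


def parse_avc(line):
    """Parse one audit line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type (optionally :level); the type is the third field.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def relabel_candidates(log_text):
    """Map (dev, ino, name) -> sorted source domains denied on an unlabeled target."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["tcontext_type"] in UNLABELED_TYPES:
            key = (rec.get("dev"), rec.get("ino"), rec.get("name"))
            hits.setdefault(key, set()).add(rec["scontext_type"])
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (dev, ino, name), domains in relabel_candidates(SAMPLE_LOG).items():
        print(f"{name} (dev={dev} ino={ino}): unlabeled target, "
              f"denied for {', '.join(domains)}")
```
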