Description of problem: SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t) Source Context: system_u:system_r:useradd_t Target Context: system_u:object_r:var_log_t Target Objects: faillog [ file ] Affected RPM Packages: shadow-utils-4.0.18.1-13.fc7 [application] Policy RPM: selinux-policy-2.6.1-1.fc7 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.catchall_file Platform: Linux <hostname> 2.6.20-1.3104.fc7 #1 SMP Sat Apr 21 22:20:43 EDT 2007 i686 i686 Alert Count: 1 First Seen: Mon 30 Apr 2007 03:07:49 PM EDT Last Seen: Mon 30 Apr 2007 03:07:49 PM EDT Local ID: 69550c8a-3a80-4281-ba26-036a07f5884a Line Numbers: Raw Audit Messages :avc: denied { read, write } for comm="useradd" dev=dm-4 egid=0 euid=0 exe="/usr/sbin/useradd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="faillog" pid=6832 scontext=system_u:system_r:useradd_t:s0 sgid=0 subj=system_u:system_r:useradd_t:s0 suid=0 tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0 Steps to Reproduce: 1. Fresh F-7 install 2. Enable "Personal File Sharing" (not sure if this matters) 3. Install/upgrade a bunch of packages via pirut 4. avc denial Additional info: Unfortunately I don't know which package triggered the write attempt to faillog. I can try to reproduce this if needed.
This is an install problem, and should be cleaned up at the end of install with a restorecon -R -v /var/log. You can do this now to fix the problem.
*** This bug has been marked as a duplicate of 236774 ***