Bug 363321 - SELinux Audit Alert When Installing shadow-utils
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: shadow-utils
Version: 5.1
Hardware: x86_64
OS: Linux
low
low
Assignee: Peter Vrabec
Reported: 2007-11-02 03:29 UTC by Steve Siano
Modified: 2009-12-20 01:56 UTC (History)
Doc Type: Bug Fix
Last Closed: 2009-06-10 14:45:37 UTC


Attachments
Audit alert from the SETroubleshoot browser (2.11 KB, text/plain)
2007-11-02 03:29 UTC, Steve Siano

Description Steve Siano 2007-11-02 03:29:36 UTC
Description of problem:
Got an SELinux audit alert when installing shadow-utils-4.0.17-12.el5.  The
summary of the alert is

   SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t).

The alert said to file a bug.

Version-Release number of selected component (if applicable):
Linux <hostname> 2.6.18-8.1.15.el5 #1 SMP Thu Oct 4 04:06:39 EDT 2007 x86_64
x86_64 x86_64 GNU/Linux


Comment 1 Steve Siano 2007-11-02 03:29:36 UTC
Created attachment 246311
Audit alert from the SETroubleshoot browser

Comment 2 Huzaifa S. Sidhpurwala 2009-01-12 05:47:10 UTC
Looks like the faillog file has the wrong SELinux context.

-rw-------  root root system_u:object_r:faillog_t      faillog

is the correct one.

As per the following SELinux policy

allow useradd_t faillog_t : file { ioctl read write getattr lock append };

As per
allow useradd_t var_log_t : dir { getattr search };

Write access is not allowed.

FYI
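
The reasoning in comment 2, as an added example that is not part of the original bug report or of the SELinux tooling: it parses the two allow rules quoted above and evaluates the "read write" file access from the alert against each label. It assumes simple single-type allow rules (no attributes, type sets or conditionals), and the user and role fields of the var_log_t context are constructed for illustration.

```python
import re

# The two allow rules quoted in comment 2 (copied from the page).
POLICY = """
allow useradd_t faillog_t : file { ioctl read write getattr lock append };
allow useradd_t var_log_t : dir { getattr search };
"""

# Matches only the simple form: allow <source> <target> : <class> { perms };
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;")


def parse_allow_rules(text):
    """Return {(source_type, target_type, object_class): set(permissions)}."""
    rules = {}
    for src, tgt, tclass, perms in RULE_RE.findall(text):
        rules.setdefault((src, tgt, tclass), set()).update(perms.split())
    return rules


def check_access(rules, source, target, tclass, requested):
    """Return (allowed, missing_permissions) for one access request.

    SELinux is default-deny: anything not granted by a rule is missing.
    """
    granted = rules.get((source, target, tclass), set())
    missing = sorted(set(requested) - granted)
    return (not missing, missing)


def context_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    return context.split(":")[2]


if __name__ == "__main__":
    rules = parse_allow_rules(POLICY)
    # First label: what the alert reported (user/role fields constructed).
    # Second label: the context comment 2 gives as the correct one.
    for label in ("system_u:object_r:var_log_t", "system_u:object_r:faillog_t"):
        ok, missing = check_access(
            rules, "useradd_t", context_type(label), "file", ["read", "write"]
        )
        verdict = "allowed" if ok else "denied, missing: " + " ".join(missing)
        print(f"useradd_t -> {label} (file): {verdict}")
```

The var_log_t rule covers only the dir class, so the file access from the alert matches no rule under that label, while the same request against faillog_t is granted.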

