Bug 363321 - SELinux Audit Alert When Installing shadow-utils
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: shadow-utils
x86_64 Linux
Priority: low, Severity: low
Assigned To: Peter Vrabec
Reported: 2007-11-01 23:29 EDT by Steve Siano
Modified: 2009-12-19 20:56 EST

Doc Type: Bug Fix
Last Closed: 2009-06-10 10:45:37 EDT

Attachments
Audit alert from the SETroubleshoot browser (2.11 KB, text/plain)
2007-11-01 23:29 EDT, Steve Siano

Description Steve Siano 2007-11-01 23:29:36 EDT
Description of problem:
Got an SELinux audit alert when installing shadow-utils-4.0.17-12.el5.  The
summary of the alert is

   SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog

The alert said to file a bug.

Version-Release number of selected component (if applicable):
Linux <hostname> 2.6.18-8.1.15.el5 #1 SMP Thu Oct 4 04:06:39 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Steve Siano 2007-11-01 23:29:36 EDT
Created attachment 246311
Audit alert from the SETroubleshoot browser
Comment 2 Huzaifa S. Sidhpurwala 2009-01-12 00:47:10 EST
Looks like the faillog file has the wrong SELinux context.

-rw-------  root root system_u:object_r:faillog_t      faillog

is the correct one.

As per the following SELinux policy:

allow useradd_t faillog_t : file { ioctl read write getattr lock append };

As per
allow useradd_t var_log_t : dir { getattr search };

Write access is not allowed.