Description of problem:
Got an SELinux audit alert when installing shadow-utils-4.0.17-12.el5. The summary of the alert is SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t). The alert said to file a bug.

Version-Release number of selected component (if applicable):
Linux <hostname> 2.6.18-8.1.15.el5 #1 SMP Thu Oct 4 04:06:39 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Created attachment 246311 [details] Audit alert from the SETroubleshoot browser

Looks like the faillog file has the wrong SELinux context.

    -rw------- root root system_u:object_r:faillog_t faillog

is the correct one. As per the following SELinux policy:

    allow useradd_t faillog_t : file { ioctl read write getattr lock append };

As per

    allow useradd_t var_log_t : dir { getattr search };

Write access is not allowed. FYI
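
The reasoning in the comment above, as an added example that is not part of the original bug report: it checks a denial against the two quoted allow rules and reports whether a file labeled faillog_t would have been allowed. The AVC record is constructed (the real one is in the attachment), and the function names are hypothetical.

```python
import re

# The two allow rules quoted in the comment above.
POLICY = """
allow useradd_t faillog_t : file { ioctl read write getattr lock append };
allow useradd_t var_log_t : dir { getattr search };
"""

# Constructed sample AVC record (pid, inode, device, timestamp, user, role
# and level are made up; only the types, class and permissions follow the report).
SAMPLE_AVC = (
    'type=AVC msg=audit(1191500000.000:42): avc:  denied  { read write } for  '
    'pid=1234 comm="useradd" name="faillog" dev=dm-0 ino=12345 '
    'scontext=system_u:system_r:useradd_t:s0 '
    'tcontext=system_u:object_r:var_log_t:s0 tclass=file'
)

RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s*\{([^}]*)\}\s*;")
AVC_RE = re.compile(
    r"denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def parse_policy(text):
    """Map (source type, target type, class) -> set of allowed permissions."""
    rules = {}
    for src, tgt, cls, perms in RULE_RE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules

def parse_avc(line):
    """Return (source type, target type, class, requested permissions).
    The type is the third field of a user:role:type[:level] context."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial record")
    perms, scon, tcon, tclass = m.groups()
    return scon.split(":")[2], tcon.split(":")[2], tclass, set(perms.split())

def missing_perms(rules, src, tgt, cls, wanted):
    """Permissions in `wanted` that no allow rule grants for this triple."""
    return wanted - rules.get((src, tgt, cls), set())

def explain(line, rules, expected_type):
    """Classify a denial given the type the target file should carry."""
    src, tgt, cls, wanted = parse_avc(line)
    if not missing_perms(rules, src, tgt, cls, wanted):
        return "allowed"
    if not missing_perms(rules, src, expected_type, cls, wanted):
        return "mislabeled"   # policy is fine; the file carries the wrong type
    return "policy-gap"       # even the expected label would be denied
```

For the constructed record, `explain(SAMPLE_AVC, parse_policy(POLICY), "faillog_t")` returns "mislabeled", which matches the comment's conclusion that the file context, not the policy, is at fault.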