Description of problem: Running "mock -r /etc/mock/fedora-8-x86_64.cfg init" resulted in 5 AVC denials. They are (briefly): 1) /usr/sbin/groupadd (groupadd_t) cannot "write" to /dev/null (var_lib_t). 2) /usr/sbin/groupadd (groupadd_t) cannot "ioctl" to /dev/null (var_lib_t). 3) /usr/sbin/useradd (useradd_t) cannot "ioctl" to /dev/null (var_lib_t). 4) /usr/sbin/useradd (useradd_t) cannot "read write" to (var_log_t). 5) /usr/sbin/useradd (useradd_t) cannot "write" to /dev/null (var_lib_t). Detailed information: avc: denied { write } for comm=groupadd dev=dm-0 egid=0 euid=0 exe=/usr/sbin/groupadd exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/dev/null pid=1706 scontext=system_u:system_r:groupadd_t:s0 sgid=0 subj=system_u:system_r:groupadd_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:var_lib_t:s0 tty=pts3 uid=0 avc: denied { ioctl } for comm=groupadd dev=dm-0 path=/dev/null pid=1706 scontext=system_u:system_r:groupadd_t:s0 tclass=chr_file tcontext=system_u:object_r:var_lib_t:s0 avc: denied { ioctl } for comm=useradd dev=dm-0 path=/dev/null pid=1947 scontext=system_u:system_r:useradd_t:s0 tclass=chr_file tcontext=system_u:object_r:var_lib_t:s0 avc: denied { read write } for comm=useradd dev=dm-0 name=faillog pid=1947 scontext=system_u:system_r:useradd_t:s0 tclass=file tcontext=system_u:object_r:var_log_t:s0 avc: denied { write } for comm=useradd dev=dm-0 egid=0 euid=0 exe=/usr/sbin/useradd exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/dev/null pid=1947 scontext=system_u:system_r:useradd_t:s0 sgid=0 subj=system_u:system_r:useradd_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:var_lib_t:s0 tty=pts3 uid=0 Version-Release number of selected component (if applicable): selinux-policy-3.0.8-58.fc8 How reproducible: Always Steps to Reproduce: 1. mock -r /etc/mock/fedora-8-x86_64.cfg init Actual results: The AVC denials list above are issued. Expected results: There should be no AVC denials. Additional info: mock-0.8.9-1.fc8
Fixed in selinux-policy-3.0.8-68.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.