Description of problem: Summary SELinux is preventing /usr/sbin/semodule (semanage_t) "getattr" to /etc/passwd (shadow_t). Detailed Description SELinux denied access requested by /usr/sbin/semodule. It is not expected that this access is required by /usr/sbin/semodule and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /etc/passwd, restorecon -v /etc/passwd If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:semanage_t:s0 Target Context system_u:object_r:shadow_t:s0 Target Objects /etc/passwd [ file ] Affected RPM Packages policycoreutils-2.0.33-3.fc8 [application]setup-2.6.10-1.fc8 [target] Policy RPM selinux-policy-3.0.8-74.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name valent.oswireless Platform Linux valent.oswireless 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686 Alert Count 1 First Seen Tue 22 Jan 2008 01:52:36 PM CET Last Seen Tue 22 Jan 2008 01:52:36 PM CET Local ID 1b2bc69d-ddff-4ea7-a899-45e7328506d2 Line Numbers Raw Audit Messages avc: denied { getattr } for comm=semodule dev=sda6 egid=0 euid=0 exe=/usr/sbin/semodule exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/etc/passwd pid=30274 scontext=system_u:system_r:semanage_t:s0 sgid=0 subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file tcontext=system_u:object_r:shadow_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. revisor issue 2. 3. Actual results: Expected results: Additional info:
*** This bug has been marked as a duplicate of 429678 ***