Description of problem: useradd creates an empty mail spool file, assigning it SELinux type user_home_t. This can cause problems later, for example when logwatch visits /var/spool/mail (this was the denial which actually triggered this bug report). Version-Release number of selected component (if applicable): selinux-policy-3.2.8-1.fc9.noarch shadow-utils-4.1.0-2.fc9.i386 How reproducible: always Steps to Reproduce: 1. login as root 2. useradd sladek 3. ls -lZ /var/spool/mail/sladek Actual type: user_home_t Expected type: mail_spool_t
Created attachment 295515 [details] Patch to fix /var/spool/mail labeling and useradd -Z user_u dwalsh problem Tomas, We never reset the setfscreatecon to the default after creating the homedir. Also if you modify the default SELinux User, useradd execs semanage, but this was happening before the uid was created so it was failing. Needs to happen after the UID is created.
Sorry should have commented to Peter.
fixed in shadow-utils-4.1.0-4.fc9, thnx. Daniel