Description of problem: Running livecd-creator (after relabeling it to bin_t) I get a bunch of AVC denieds. But audit2allow -a -m modlivecd > modlivecd.te produces and illegal .te file. It includes =========== ROLES =============== role unconfined_r types groupadd_exec_t; role unconfined_r types useradd_exec_t; role unconfined_r types groupadd_exec_t; role unconfined_r types useradd_exec_t; role unconfined_r types depmod_exec_t; role unconfined_r types depmod_exec_t; 4 problems with that block. 1) the role unconfined_r is not in the requires block 2) none of the types (groupadd_exec_t, useradd_exec_t, etc) are in the requires 3) it shows the same rules more than once 4) the ===== ROLES ===== line does not start with a #
policycoreutils-2.0.46-5.fc9.x86_64 selinux-policy-3.3.1-51.fc9.noarch My guess is that they are a result of audit messages like this type=SELINUX_ERR msg=audit(1210780569.882:4384): security_compute_sid: invalid context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=process
Fixed in policycoreutils-2.0.55-5.fc10.x86_64