Description of problem: We have firstaidkit, (python script) that has a plugin called passwd which serves the purpose of changing the root passwd. additionally firstaidkit logs to /var/log/firstaidkit.log When I run any other plugin the log file is quite ok and there are no problems but when I run passwd, it creates an SElinux denial :( I'm pretty sure that its at the moment when the passwd gets changed. How reproducible: always. only with that plugin. Other plugins log to that file with no problem Steps to Reproduce: 1. yum install firstaidkit-plugin-passwd -y 2. firstaidkit -f passwd resetRoot 3. This should produce the AVC denial seen in /var/log/messages or /var/log/audit/audit.log Actual results: AVC denial Expected results: For SElinux to let Firstaidkti change the root passwd. Additional info: I will attach the /var/log/audit/audit.log log. I executed firstaidkit with an empty log.
Created attachment 311855 [details] the audit log
Fixed in selinux-policy-3.4.2-14.fc10.noarch