The following was filed automatically by setroubleshoot: Résumé: SELinux is preventing groupadd (groupadd_t) "read" console (console_device_t). Description détaillée: [groupadd has a permissive type (groupadd_t). This access was not denied.] SELinux denied access requested by the groupadd command. It looks like this is either a leaked descriptor or groupadd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the console. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Informations complémentaires: Contexte source unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:console_device_t:s0 Objets du contexte console [ chr_file ] source groupadd Chemin de la source /usr/sbin/groupadd Port <Inconnu> Hôte (removed) Paquetages RPM source shadow-utils-4.1.4.1-6.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.26-8.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin leaks Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31-0.138.rc5.git3.fc12.x86_64 #1 SMP Thu Aug 6 16:59:15 EDT 2009 x86_64 x86_64 Compteur d'alertes 3 Première alerte sam. 05 sept. 2009 15:39:07 CEST Dernière alerte sam. 05 sept. 2009 15:39:32 CEST ID local d17f5900-380a-402e-b3dc-009415cd21e8 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1252157972.813:174): avc: denied { read } for pid=14180 comm="groupadd" name="console" dev=tmpfs ino=1052 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file node=(removed) type=SYSCALL msg=audit(1252157972.813:174): arch=c000003e syscall=59 success=yes exit=0 a0=981360 a1=9815a0 a2=97f0f0 a3=7fff84772e50 items=0 ppid=14179 pid=14180 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="groupadd" exe="/usr/sbin/groupadd" subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= groupadd_t ============== allow groupadd_t console_device_t:chr_file read;
What were you doing when this happened? Some app is leaking a connection to /dev/console.
I didn't create any user myself lately so it was probably done by a rpm package at install phase
Fixed in selinux-policy-3.6.31-2.fc12.noarch