Résumé: SELinux is preventing /usr/bin/chsh "lock" access on /var/run/utmp. Description détaillée: [SELinux est en mode permissif. Cet accès n'a pas été refusé.] SELinux denied access requested by chsh. It is not expected that this access is required by chsh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source unconfined_u:unconfined_r:chfn_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:initrc_var_run_t:s0 Objets du contexte /var/run/utmp [ file ] source chsh Chemin de la source /usr/bin/chsh Port <Inconnu> Hôte (removed) Paquetages RPM source util-linux-ng-2.16.2-7.fc12 Paquetages RPM cible initscripts-9.02.1-1 Politique RPM selinux-policy-3.6.32-99.fc12 Selinux activé True Type de politique targeted Mode strict Permissive Nom du plugin catchall Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31.12-174.2.22.fc12.i686 #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686 Compteur d'alertes 1 Première alerte ven 19 mar 2010 10:13:43 CET Dernière alerte ven 19 mar 2010 10:13:43 CET ID local 8dad464e-bf55-4440-8941-c59f9af83945 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1268990023.43:23437): avc: denied { lock } for pid=7421 comm="chsh" path="/var/run/utmp" dev=dm-0 ino=235 scontext=unconfined_u:unconfined_r:chfn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1268990023.43:23437): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfdceab8 a3=bfdcea2c items=0 ppid=29303 pid=7421 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts3 ses=1 comm="chsh" exe="/usr/bin/chsh" subj=unconfined_u:unconfined_r:chfn_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,chsh,chfn_t,initrc_var_run_t,file,lock audit2allow suggests: #============= chfn_t ============== allow chfn_t initrc_var_run_t:file lock;
I was just using the command chsh to change my shell. I got an other SELinux alert prevention with chsh for "open" access to /var/run/utmp.
I also submitted it in case you would see it. https://bugzilla.redhat.com/show_bug.cgi?id=575056
*** This bug has been marked as a duplicate of bug 575056 ***