Description of problem: SELinux is preventing oracle (oracle_db_t) "read" to ./passwd (etc_runtime_t). Version-Release number of selected component (if applicable): selinux-policy-2.4.6-255.el5_4.4 How reproducible: Running the Redhat Satellite server's oracle database produces errors Steps to Reproduce: 1. Try to kickstart a server 2. 3. Actual results: Expected results: Additional info: Ran: sealert -l ca829f24-e464-4692-bdf3-f55567685542 followed by recommendation: restorecon -v './passwd' Did not produce any changes. Therefore: If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Sadly the tool/kernel could not figure out that the avc referred to /etc/passwd restorecon -v /etc/passwd Should probably fix the problem. We have a better solution for the troubleshooter in RHEL6 or you could turn on full auditing, and the AVC would have contained the full path, but there is performance overhead for this. My guess is that some init script edited the /etc/passwd file and left it with a bad label.