Summary: SELinux is preventing /usr/sbin/groupadd access to a leaked /tmp/tmpAkgBZS file descriptor. Detailed Description: [groupadd has a permissive type (groupadd_t). This access was not denied.] SELinux denied access requested by the groupadd command. It looks like this is either a leaked descriptor or groupadd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the /tmp/tmpAkgBZS. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Additional Information: Source Context system_u:system_r:groupadd_t:s0-s0:c0.c1023 Target Context system_u:object_r:initrc_tmp_t:s0 Target Objects /tmp/tmpAkgBZS [ file ] Source groupadd Source Path /usr/sbin/groupadd Port <Unknown> Host (removed) Source RPM Packages shadow-utils-4.1.4.2-8.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-65.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name leaks Host Name (removed) Platform Linux spearhead 2.6.34.7-61.fc13.i686.PAE #1 SMP Tue Oct 19 04:24:06 UTC 2010 i686 i686 Alert Count 11 First Seen Wed 10 Nov 2010 10:25:02 AM EST Last Seen Tue 23 Nov 2010 11:01:58 AM EST Local ID 2fcbd817-be9d-40e4-86ff-627724440e76 Line Numbers Raw Audit Messages node=spearhead type=AVC msg=audit(1290528118.919:26436): avc: denied { read append } for pid=9037 comm="groupadd" path="/tmp/tmpAkgBZS" dev=dm-0 ino=2228250 scontext=system_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file node=spearhead type=AVC msg=audit(1290528118.919:26436): avc: denied { read append } for pid=9037 comm="groupadd" path="/tmp/tmpAkgBZS" dev=dm-0 ino=2228250 scontext=system_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file node=spearhead type=SYSCALL msg=audit(1290528118.919:26436): arch=40000003 syscall=11 success=yes exit=0 a0=919e980 a1=919df98 a2=919d5a8 a3=919df98 items=0 ppid=9034 pid=9037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="groupadd" exe="/usr/sbin/groupadd" subj=system_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null)
yum update should have fixed this. This was a bug in the label of packagekit.
*** Bug 662094 has been marked as a duplicate of this bug. ***
*** Bug 662096 has been marked as a duplicate of this bug. ***
*** Bug 662099 has been marked as a duplicate of this bug. ***