Hide Forgot
Summary: SELinux is preventing /sbin/unix_chkpwd "execute" access on /sbin/unix_chkpwd. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by unix_chkpwd. It is not expected that this access is required by unix_chkpwd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c102 3 Target Context system_u:object_r:chkpwd_exec_t:s0 Target Objects /sbin/unix_chkpwd [ file ] Source unix_chkpwd Source Path /sbin/unix_chkpwd Port <Unknown> Host (removed) Source RPM Packages pam-1.1.1-4.fc13 Target RPM Packages pam-1.1.1-4.fc13 Policy RPM selinux-policy-3.7.19-69.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.34.7-61.fc13.i686 #1 SMP Tue Oct 19 04:42:47 UTC 2010 i686 i686 Alert Count 3 First Seen Thu 20 Jan 2011 10:53:34 PM MST Last Seen Thu 20 Jan 2011 10:53:34 PM MST Local ID b08e010d-86f3-4b92-b6c1-430c8f9087b7 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1295589214.237:26100): avc: denied { execute } for pid=2488 comm="polkit-agent-he" name="unix_chkpwd" dev=dm-0 ino=15150 scontext=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file node=(removed) type=AVC msg=audit(1295589214.237:26100): avc: denied { read open } for pid=2488 comm="polkit-agent-he" name="unix_chkpwd" dev=dm-0 ino=15150 scontext=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file node=(removed) type=AVC msg=audit(1295589214.237:26100): avc: denied { execute_no_trans } for pid=2488 comm="polkit-agent-he" path="/sbin/unix_chkpwd" dev=dm-0 ino=15150 scontext=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1295589214.237:26100): arch=40000003 syscall=11 success=yes exit=0 a0=11df38 a1=bfa76974 a2=124e64 a3=11df38 items=0 ppid=2482 pid=2488 auid=500 uid=0 gid=493 euid=0 suid=0 fsuid=0 egid=493 sgid=493 fsgid=493 tty=(none) ses=1 comm="unix_chkpwd" exe="/sbin/unix_chkpwd" subj=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,unix_chkpwd,oddjob_mkhomedir_t,chkpwd_exec_t,file,execute audit2allow suggests: #============= oddjob_mkhomedir_t ============== allow oddjob_mkhomedir_t chkpwd_exec_t:file { read execute open execute_no_trans };
*** This bug has been marked as a duplicate of bug 671607 ***