Hide Forgot
Description of problem: Error in PREIN scriptlet in rpm package asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686 error: %pre(asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686) scriptlet failed, exit status 10 I can install if I use setenforce 0 first. This appears to be the avc: Oct 4 15:53:01 bruno kernel: [161187.552484] type=1400 audit(1317761581.457:521): avc: denied { write } for pid=5326 comm="usermod" name="group" dev=dm-1 ino=271858 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file Note that if I run the usermod command as root from a shell it seems to work. Version-Release number of selected component (if applicable): asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Assigning to the selinux folks... Was there a change in the selinux policy that prevents package installs from running usermod? Here's the relevant command from the spec: %pre dahdi %{_sbindir}/usermod -a -G dahdi asterisk Note that this is likely to affect the asterisk-misdn subpackage as well.
Yes I will add this access back. We are experimenting with a label for /etc/passwd, not sure if the same label should be added for /etc/group.
Jeffrey if you chcon -t passwd_file_t /etc/group Does the package install succeed?
/etc/group seems to be labelled as passwd_file_t in rawhide now. I tested erasing and reinstalling asterisk-dahdi and it worked. So it looks like it is fixed now.