Description of problem:

Running:

sudo usermod -G mock -a jwboyer

(or directly as root) results in an AVC denial and usermod returning:

[jwboyer@vader ~]$ sudo usermod -G mock -a jwboyer
usermod: cannot open /etc/passwd
[jwboyer@vader ~]$

Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-72.fc17.noarch

How reproducible:
Always

Steps to Reproduce:
1. Try and add a user to the mock group with usermod
2.
3.

Actual results:
Fail

Expected results:
Works

Additional info:

audit.log excerpt:

type=USER_CMD msg=audit(1325903494.147:502): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/jwboyer" cmd=757365726D6F64202D47206D6F636B202D61206A77626F796572 terminal=pts/2 res=success'
type=CRED_ACQ msg=audit(1325903494.148:503): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
type=USER_START msg=audit(1325903494.150:504): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
type=AVC msg=audit(1325903494.153:505): avc: denied { write } for pid=17319 comm="usermod" name="passwd" dev=dm-1 ino=2492504 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1325903494.153:505): arch=c000003e syscall=2 success=no exit=-13 a0=615020 a1=2 a2=1b6 a3=238 items=0 ppid=17318 pid=17319 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=15 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=USER_CHAUTHTOK msg=audit(1325903494.154:506): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=modifying account acct="jwboyer" exe="/usr/sbin/usermod" hostname=? addr=? terminal=pts/2 res=failed'
type=USER_END msg=audit(1325903494.154:507): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'

please execute

# restorecon -R -v /etc/passwd

which will fix the label.

(In reply to comment #1)
> please execute
>
> # restorecon -R -v /etc/passwd
>
> which will fix the label.

Yep, that worked. Had to do the same for /etc/group for some reason. Thanks for the tip.
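
Added example, not part of the original bug thread: a small Python parser for the audit records quoted in the report. It groups records by audit serial number, decodes the hex-encoded cmd= field, and extracts the SELinux types involved in the denial; the function names and the trimmed SYSCALL line are choices made for this example.

```python
import errno
import re

# Three records copied from the audit.log excerpt in the report (SYSCALL line trimmed).
SAMPLE = """\
type=USER_CMD msg=audit(1325903494.147:502): user pid=0 uid=0 auid=1000 ses=15 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/jwboyer" cmd=757365726D6F64202D47206D6F636B202D61206A77626F796572 terminal=pts/2 res=success'
type=AVC msg=audit(1325903494.153:505): avc: denied { write } for pid=17319 comm="usermod" name="passwd" dev=dm-1 ino=2492504 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1325903494.153:505): arch=c000003e syscall=2 success=no exit=-13 ppid=17318 pid=17319 auid=1000 uid=0 comm="usermod" exe="/usr/sbin/usermod" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
"""
HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# auditd writes these fields quoted, or hex-encoded when they contain spaces or quotes.
ENCODED = {"cmd", "comm", "exe", "name", "cwd"}

def decode(key, raw):
    if key in ENCODED and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw.strip('"')

def parse_events(text):
    """Group records by audit serial (the number after ':' in msg=audit(...))."""
    events = {}
    for m in filter(None, map(HEADER.match, text.splitlines())):
        rtype, serial, body = m.groups()
        body = re.sub(r"\bmsg='(.*)'$", r"\1", body.rstrip())  # unwrap user-space payload
        fields = {k: decode(k, v) for k, v in FIELD.findall(body)}
        perms = re.search(r"denied\s+\{([^}]*)\}", body)
        if perms:
            fields["perms"] = perms.group(1).split()
        events.setdefault(int(serial), {})[rtype] = fields
    return events

def explain_denials(text):
    """Summarise each AVC denial together with the SYSCALL record of the same event."""
    out = []
    for _, recs in sorted(parse_events(text).items()):
        avc, sc = recs.get("AVC", {}), recs.get("SYSCALL", {})
        if "perms" not in avc:
            continue
        out.append({
            "perms": avc["perms"], "tclass": avc["tclass"], "name": avc["name"], "exe": sc.get("exe"),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "errno": errno.errorcode.get(-int(sc["exit"])) if "exit" in sc else None,
        })
    return out

def sudo_commands(text):
    return [r["USER_CMD"]["cmd"] for r in parse_events(text).values() if "USER_CMD" in r]
```

On the report's excerpt this yields a write denial from useradd_t on a file named passwd labeled etc_t, failing with EACCES, and decodes the sudo command as usermod -G mock -a jwboyer. A target type that differs from what `matchpathcon /etc/passwd` reports points to a labeling problem, which is what `restorecon` corrected in this thread.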