Description of problem:
When changing my password, passwd gets denied to change the password of the login keyring.

Version-Release number of selected component (if applicable):
passwd-0.78.99-1.fc17.x86_64
selinux-policy-3.10.0-137.fc17.noarch
gnome-keyring-3.4.1-2.fc17.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install a new Fedora 17 system with updates-testing enabled
2. Configure the system with firstboot
3. Login to the created account
4. Go to System settings -> User Accounts
5. Select the account created
6. Change the password
7. (SELinux gives the warning in Additional info)
8. Log out
9. Log in with the new password
10. Open Keys & Passwords
11. Try to add a new password

Actual results:
The system changes the gnome keyring password together with the login password, and adds the new password in step 11.

Expected results:
The gnome keyring password is not changed, and when adding a new password in step 11, it asks to provide the (old) keyring password.

Additional info:
SELinux is preventing /usr/bin/passwd from execute access on the file gnome-keyring-daemon.

***** Plugin leaks (86.2 confidence) suggests ******************************

If you want to ignore passwd trying to execute access the gnome-keyring-daemon file, because you believe it should not need this access.
Then you should report this as a bug.
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/bin/passwd /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

***** Plugin catchall (14.7 confidence) suggests ***************************

If you believe that passwd should be allowed execute access on the gnome-keyring-daemon file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep passwd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:gkeyringd_exec_t:s0
Target Objects                gnome-keyring-daemon [ file ]
Source                        passwd
Source Path                   /usr/bin/passwd
Port                          <Unknown>
Host                          fedoratest.virtual.patrick.local
Source RPM Packages           passwd-0.78.99-1.fc17.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.10.0-137.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fedoratest.virtual.patrick.local
Platform                      Linux fedoratest.virtual.patrick.local 3.4.4-5.fc17.x86_64 #1 SMP Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 08 Jul 2012 11:10:43 AM CEST
Last Seen                     Sun 08 Jul 2012 11:10:43 AM CEST
Local ID                      f4a3e895-5cf9-48b1-9acd-2bd79fcc5d3a

Raw Audit Messages
type=AVC msg=audit(1341738643.455:60): avc: denied { execute } for pid=1305 comm="passwd" name="gnome-keyring-daemon" dev="vda2" ino=24242 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gkeyringd_exec_t:s0 tclass=file

type=SYSCALL msg=audit(1341738643.455:60): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fea169de5c0 a1=7ffff7746a80 a2=7fea1d33cd50 a3=13 items=0 ppid=1299 pid=1305 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=passwd exe=/usr/bin/passwd subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)

Hash: passwd,passwd_t,gkeyringd_exec_t,file,execute

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied
This is also reproducible on a normal Fedora 17 system without updates-testing. The only different version is selinux-policy, which is selinux-policy-3.10.0-134.fc17.noarch.
*** This bug has been marked as a duplicate of bug 733353 ***
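
For triage, the AVC record in the report above can be reduced to the fields that decide the policy question. The following is an added example, not part of the bug report or of setroubleshoot; the function names are hypothetical, and it prints the two candidate rules (silence versus permit) that the `audit2allow -D` and plain `audit2allow` suggestions correspond to, so they can be reviewed before any module is loaded.

```python
import re

# AVC record copied from the report's "Raw Audit Messages" section.
AVC = ('type=AVC msg=audit(1341738643.455:60): avc: denied { execute } for '
       'pid=1305 comm="passwd" name="gnome-keyring-daemon" dev="vda2" ino=24242 '
       'scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:gkeyringd_exec_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of user:role:type[:mls-range]."""
    # Split at most three times: the MLS range may itself contain colons.
    parts = context.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f"malformed SELinux context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Parse one AVC denial into a dict (hypothetical helper)."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    for key in ('scontext', 'tcontext', 'tclass'):
        if key not in fields:
            raise ValueError(f"AVC record lacks {key}")
    fields['perms'] = m.group('perms').split()
    fields['stype'] = selinux_type(fields['scontext'])
    fields['ttype'] = selinux_type(fields['tcontext'])
    return fields

def triage_hash(f):
    """Rebuild the comma-separated 'Hash:' line shown in the report."""
    return ','.join([f.get('comm', ''), f['stype'], f['ttype'], f['tclass'], *f['perms']])

def te_rule(f, keyword):
    """Render the type-enforcement rule for keyword 'allow' or 'dontaudit'."""
    if keyword not in ('allow', 'dontaudit'):
        raise ValueError("keyword must be 'allow' or 'dontaudit'")
    perms = f['perms'][0] if len(f['perms']) == 1 else '{ ' + ' '.join(f['perms']) + ' }'
    return f"{keyword} {f['stype']} {f['ttype']}:{f['tclass']} {perms};"

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(triage_hash(rec))
    print(te_rule(rec, 'dontaudit'))  # hides the denial, access stays blocked
    print(te_rule(rec, 'allow'))      # lets passwd_t execute the daemon binary
```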