Red Hat Bugzilla – Bug 859532
radvd: permission denied when calling useradd/groupadd during installation
Last modified: 2012-09-24 06:35:39 EDT
Description of problem:
During install of radvd on Rawhide with SELinux Enforcing:
/var/tmp/rpm-tmp.YDgPJ2: line 1: /sbin/groupadd: Permission denied
/var/tmp/rpm-tmp.YDgPJ2: line 3: /sbin/useradd: Permission denied
Installing : radvd-1.9.1-4.fc19.x86_64 64/112
warning: user radvd does not exist - using root
warning: group radvd does not exist - using root
Version-Release number of selected component (if applicable):
What's your selinux-policy version? I believe this is regression in SELinux policy (bug #809735) that has been already reported and seemingly fixed, or some files are mislabeled in your system.
I cannot reproduce your problem with current selinux-policy-3.11.1-18.fc18.noarch and following labels:
# ls -lZ /etc/group* /etc/gshadow*
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/group
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/group-
----------. root root system_u:object_r:shadow_t:s0 /etc/gshadow
----------. root root system_u:object_r:shadow_t:s0 /etc/gshadow-
If you still suffer from the problem, you will need to find help from SELinux maintainers by reassigning this report to selinux-policy component.
My password and group files are labelled the same way.
(Before and after the update -- selinux-policy was not
updated during this transaction)
More info to follow ..
Well there was going to be more info, but now this
machine goes into an infinite loop in dracut. Can't
be booted ...
Note this is Rawhide, not F18.
I know it's F19. SELinux guys do not build for rawhide thus the policy package has f18 tag. I performed the test on just updated F19.
I'm moving this report to selinux-policy because the radvd package script runs under rpm identity and it's confined by SELinux.
I would need to see outputs of
# semodule -DB
# yum install <whatever_causes_issue>
# ausearch -m avc -ts recent
Never mind .. after downgrading radvd and upgrading radvd,
the error message is gone. So I'll say that this has been
fixed in rawhide.