Description of problem:
PAM, or to be more precise pam_rootok, does not report AVCs in SELinux, causing major headaches in writing policies, requiring, for example, a rule with allow random_t self:passwd rootok;, random being your type that needs access to pam_rootok.

Version-Release number of selected component (if applicable):
Version : 1.1.6
Release : 3.fc18.1

How reproducible:
Just try to write a policy for something like zoneminder and end up with a big headache, when no AVCs show up in auditd.

Steps to Reproduce:
1. n/a

Actual results:
No AVCs show in audit.log

Expected results:
Loads of AVCs should show up in audit.log

Additional info:
If in doubt, add allow random_t self:passwd rootok; to your policy or be a very unhappy person for a few days.

Can we get this fixed, please? This bug has been around for a long time and it is pretty severe. Many people are hitting this and the nature of the bug makes it hard to troubleshoot. I suspect that it's not easy to fix this. If you cannot or do not want to fix it then please just remove this functionality altogether, but please do not ignore this issue. This object manager needs to log or not be an object manager at all.

*** This bug has been marked as a duplicate of bug 906679 ***