Problems creating a directory in /usr


 




I have a user application (the Reality/Pick database from Northgate Reality) that requires the creation of a user before install.
That user *must* have as their home directory: /usr/realman. Prior to F16 I used to do "useradd -r -d /usr/realman -m realman".

On the most recent versions of Fedora this fails with :  "useradd: cannot create directory /usr/realman".

I get an AVC which is : "
time->Fri Feb  8 10:30:02 2013
type=SYSCALL msg=audit(1360319402.989:97): arch=c000003e syscall=83 success=no exit=-13 a0=7fff498c2639 a1=0 a2=7f26197f6750 a3=6165726373662f72 items=0 ppid=1855 pid=2277 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1360319402.989:97): avc:  denied  { write } for  pid=2277 comm="useradd" name="usr" dev="sda11" ino=917505 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir".

Audit2why says : "type=AVC msg=audit(1360319402.989:97): avc:  denied  { write } for  pid=2277 comm="useradd" name="usr" dev="sda11" ino=917505 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir

Was caused by:
Missing type enforcement (TE) allow rule.

You can use audit2allow to generate a loadable module to allow this access.
"
and audit2allow says : "
#============= useradd_t ==============
#!!!! The source type 'useradd_t' can write to a 'dir' of the following types:
# selinux_config_t, stapserver_var_lib_t, user_home_dir_t, default_context_t, httpd_user_content_type, mail_spool_t, etc_t, semanage_tmp_t, config_home_t, var_t, semanage_store_t, selinux_login_config_t, httpd_user_script_exec_type, selinux_config_t, pcscd_var_run_t, tmp_t, user_home_type, semanage_store_t, file_context_t, home_root_t

allow useradd_t usr_t:dir write;
"
which I find confusing as it makes no reference to the /usr/realman or for that matter /usr directories.

Please advise what I need to do to have it writeable by this application (which is closed source, to which I have no access).

Many thanks
Clive


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
