Dan
On Thu, Apr 19, 2012 at 9:36 AM, Fernando Cassia <fcassia@xxxxxxxxx> wrote:
Should I be worried about this?
SELinux is preventing useradd from write access on the directory /run.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that useradd should be allowed write access on the run directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep useradd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:system_r:useradd_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_run_t:s0
Target Objects /run [ dir ]
Source useradd
Source Path useradd
Port <Unknown>
Host 2cabezas
Source RPM Packages
Target RPM Packages filesystem-3-2.fc17.i686
Policy RPM selinux-policy-3.10.0-114.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name 2cabezas
Platform Linux 2cabezas 3.3.2-1.fc17.i686 #1 SMP Fri Apr 13
21:06:40 UTC 2012 i686 i686
Alert Count 1
First Seen mié 18 abr 2012 13:13:48 ART
Last Seen mié 18 abr 2012 13:13:48 ART
Local ID 2926be04-b387-449b-bbd3-90440403cb11
Raw Audit Messages
type=AVC msg=audit(1334765628.677:275): avc: denied { write } for pid=1331 comm="useradd" name="/" dev="tmpfs" ino=6961 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
Hash: useradd,useradd_t,var_run_t,dir,write
audit2allowunable to open /sys/fs/selinux/policy: Permission denied
audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
