On 5/23/06, Knute Johnson <knute(a)frazmtn.com> wrote:
> I found some interesting things in my 'messages' log today. I'm not
> sure what they mean and would appreciate any information.
>
> This one is the most bothersome. It appears that 'useradd' was
> prevented from running this morning only I didn't run it. Would any
> other programs run 'useradd' and what would cause it to be denied?
>
> May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
> denied { write } for pid=13906 comm="useradd" name="[1708464]"
> dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
>
Need some more information to help on this:
What is your OS and its version?
What is your selinux set to?
When was the last time you updated your system?

FC5. Kernel 2.6.16-1.2111_FC5.
I assume you mean by to, is it enforcing and targeted? It is.
May 15 04:18:39 Updated: selinux-policy.noarch 2.2.38-1.fc5
May 15 04:20:24 Updated: selinux-policy-targeted.noarch 2.2.38-1.fc5
/etc/selinux/conf
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
Thanks very much,
--
Knute Johnson
Molon Labe...
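
Added example, not part of the original thread: a small Python parser for the AVC record quoted above, showing how to read it as "which domain was refused which permission on which object". The function names (split_context, parse_avc, summarize) are hypothetical, and SAMPLE is the thread's log line re-joined onto one line.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the thread, re-joined onto one line (the e-mail wrapped it).
SAMPLE = ('May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc: '
          'denied { write } for pid=13906 comm="useradd" name="[1708464]" '
          'dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0 '
          'tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain ':'."""
    user, role, type_, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': level[0] if level else None}

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m['rest'])}
    return {
        # audit(<epoch>.<ms>:<serial>): seconds since 1970 UTC, then a record serial
        'time': datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc),
        'serial': int(m['serial']),
        'result': m['result'],
        'perms': m['perms'].split(),
        'source': split_context(fields.pop('scontext')),  # domain of the process
        'target': split_context(fields.pop('tcontext')),  # label on the object
        'tclass': fields.pop('tclass'),
        'fields': fields,  # pid, comm, name, dev, ino
    }

def summarize(rec):
    """One-line reading of the record: who was refused what, on which object."""
    f = rec['fields']
    return (f"{rec['time']:%Y-%m-%d %H:%M:%S} UTC: {f['comm']} (pid {f['pid']}) in domain "
            f"{rec['source']['type']} was {rec['result']} {{ {' '.join(rec['perms'])} }} "
            f"on a {rec['tclass']} labelled {rec['target']['type']} (dev={f['dev']})")

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```

The dev=pipefs and tclass=fifo_file fields identify the object as an anonymous pipe rather than a file on disk, so the record describes useradd being refused a write to a pipe labelled unconfined_t.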