SELinux alert

Fernando Cassia fcassia at
Thu Apr 19 16:36:24 UTC 2012

Should I be worried about this?

SELinux is preventing useradd from write access on the directory /run.

*****  Plugin catchall (100. confidence) suggests

If you believe that useradd should be allowed write access on the run
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep useradd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:useradd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_run_t:s0
Target Objects                /run [ dir ]
Source                        useradd
Source Path                   useradd
Port                          <Unknown>
Host                          2cabezas
Source RPM Packages
Target RPM Packages           filesystem-3-2.fc17.i686
Policy RPM                    selinux-policy-3.10.0-114.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     2cabezas
Platform                      Linux 2cabezas 3.3.2-1.fc17.i686 #1 SMP Fri
Apr 13
                              21:06:40 UTC 2012 i686 i686
Alert Count                   1
First Seen                    mié 18 abr 2012 13:13:48 ART
Last Seen                     mié 18 abr 2012 13:13:48 ART
Local ID                      2926be04-b387-449b-bbd3-90440403cb11

Raw Audit Messages
type=AVC msg=audit(1334765628.677:275): avc:  denied  { write } for
pid=1331 comm="useradd" name="/" dev="tmpfs" ino=6961
tcontext=system_u:object_r:var_run_t:s0 tclass=dir

Hash: useradd,useradd_t,var_run_t,dir,write

audit2allowunable to open /sys/fs/selinux/policy:  Permission denied

audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the test mailing list