[redhat-lspp] useradd SELinux context question

Michael C Thompson thompsmc at us.ibm.com
Fri Jun 9 15:33:07 UTC 2006


I have seen two types of behaviour exhibited by the useradd tool: functional 
and non-functional under enforcing mode. The most recent time I tried to 
recreate the successful transcript below, I was unable to successfully 
create the /home/<user> directory, which caused the entire useradd 
operation to fail. Adding a user with the -M (no home dir creation) 
option succeeds.

This should be a sysadm operation; any ideas what is causing it to fail? 
It did work once before, but now it doesn't... See the unsuccessful 
transcript for the details.


Unsuccessful transcript:
[root at dyn94141107 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:sysadm_r:sysadm_t:SystemHigh
[root at dyn94141107 ~]# useradd -m ealuser
useradd: unable to lock password file

[root at dyn94141107 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:sysadm_r:sysadm_t:SystemLow-SystemHigh
[root at dyn94141107 ~]# ls /home
mcthomps  mlstestuser
[root at dyn94141107 ~]# useradd -m ealuser
useradd: cannot create directory /home/ealuser



Successful Transcript:
[root at dyn94141107 ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:sysadm_r:sysadm_t:SystemLow-SystemHigh

[root at dyn94141107 ~]# useradd -c "admin style user" -m ealuser

[root at dyn94141107 ~]# ls /home -alZ
drwxr-xr-x  root     root     system_u:object_r:home_root_t:SystemLow-SystemHigh .
drwxr-xr-x  root     root     system_u:object_r:root_t:SystemLow ..
drwxr-xr-x  ealuser  ealuser  root:object_r:user_home_dir_t:SystemLow ealuser

The "problem" for the successful transcript is that, in the permission for 
the ealuser homedir, the SELinux user is root. Is this a bug or is the 
secadm supposed to come in and fix this?


If I can provide any more information that would be useful, let me know.

Thanks,
Mike



