SELINUX_ERR during update of libgnome

Tom London selinux at gmail.com
Thu Dec 20 14:34:44 UTC 2007 

More from today's update, this time running permissive:

type=SELINUX_ERR msg=audit(1198161003.852:35): security_compute_sid:
invalid context unconfined_u:unconfined_r:useradd_t:s0 for
scontext=unconfined_u:unconfined_r:rpm_script_t:s0
tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1198161003.852:35): arch=40000003 syscall=11
success=yes exit=0 a0=81c0ee8 a1=81c0248 a2=81bfbc8 a3=0 items=0
ppid=4036 pid=4037 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd"
subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
type=USER_CHAUTHTOK msg=audit(1198161003.958:36): user pid=4037 uid=0
auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=adding
user acct=gdm exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=?
res=failed)'
type=SELINUX_ERR msg=audit(1198161003.960:37): security_compute_sid:
invalid context unconfined_u:unconfined_r:useradd_t:s0 for
scontext=unconfined_u:unconfined_r:rpm_script_t:s0
tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1198161003.960:37): arch=40000003 syscall=11
success=yes exit=0 a0=81c0058 a1=81bfda0 a2=81bfe38 a3=0 items=0
ppid=4036 pid=4038 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="usermod" exe="/usr/sbin/usermod"
subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
type=USER_CHAUTHTOK msg=audit(1198161003.993:38): user pid=4038 uid=0
auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=changing
user shell acct=gdm exe="/usr/sbin/usermod" (hostname=?, addr=?,
terminal=? res=success)'

from around here:
  Updating  : gtk2-devel                   ####################### [19/62]
  Updating  : gdm                          ####################### [20/62]
  Updating  : ipsec-tools                  ####################### [21/62]


I'd like to understand the issue here.

Is the error message saying that a transition to
unconfined_u:unconfined_r:useradd_t:s0 from
scontext=unconfined_u:unconfined_r:rpm_script_t:s0 hasn't be allowed?

tom
-- 
Tom London

More information about the fedora-selinux-list mailing list