mod_auth_shadow

Summary
SELinux is preventing the /usr/sbin/validate from using potentially
mislabeled files <Unknown> (shadow_t).

Detailed Description
SELinux has denied the /usr/sbin/validate access to potentially mislabeled
files <Unknown>. This means that SELinux will not allow httpd to use these
files. Many third party apps install html files in directories that SELinux
policy cannot predict. These directories have to be labeled with a file
context which httpd can access.

Allowing Access
If you want to change the file context of <Unknown> so that the httpd daemon
can access it, you need to execute it using chcon -t httpd_sys_content_t
<Unknown>. You can look at the httpd_selinux man page for additional
information.

Additional Information

Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:shadow_t:s0
Target Objects None [ file ]
Affected RPM Packages mod_auth_shadow-2.2-3.fc7 [application]
Policy RPM selinux-policy-3.0.8-72.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.httpd_bad_labels
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.9-85.fc8 #1 SMP
Fri Dec 7 15:49:59 EST 2007 i686 i686
Alert Count 7
First Seen Thu Jan 3 23:35:49 2008
Last Seen Thu Jan 3 23:56:38 2008
Local ID a1df5aeb-e899-431f-9938-8318f0e8453a
Line Numbers

Raw Audit Messages

avc: denied { read } for comm=validate dev=dm-3 egid=48 euid=0
exe=/usr/sbin/validate exit=-13 fsgid=48 fsuid=0 gid=48 items=0 name=shadow
pid=31596 scontext=system_u:system_r:httpd_t:s0 sgid=48
subj=system_u:system_r:httpd_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:shadow_t:s0 tty=(none) uid=48