On Fri, 2016-01-15 at 08:08 -0800, Doug H. wrote: > After about a day of not having crontabs running I realized that > SELinux was stopping both user and root crontab jobs. I messed with > it > and then discovered: > > https://bugzilla.redhat.com/show_bug.cgi?id=1298192 > (Recent dnf updates caused crontabs to be restricted. Reboot to last > kernel fixes that.) > > I added myself to that bug but I had already broken SELinux to the > point where it would not work properly even if I rebooted to the > previous kernel. I was willing to be stupid/brave about messing with > it since I figure that if I can't get it back in order then I don't > know enough about it. A full relabel takes about ten minutes on my > system, so it is not terrible. > > I have been with "Fedora" since it was "Redhat 5.0" but only enabled > SELinux after upgrading to F23. This bug keeps making me want to go > back to "disabled" but then I come back to it and do some more > googling. > > My last attempt to fix it was with: > > (reformatted to easier reading) > dnf reinstall > libselinux-utils > selinux-policy > libselinux-devel > libselinux-python3 > libselinux.i686 > libselinux-python > selinux-policy-targeted > rpm-plugin-selinux > libselinux.x86_64 > > Then a reboot to do the relabel and run with "permissive" to debug. > It > had lots of issues. I suspect that most were simply that I was doing > working as the admin for my machine and that was not properly set. > > My question: > > Can anybody suggest a series of steps to put my F23 SELinux > installation in line with the default workstation install of F23? > > Note that I was previously running: > setsebool -P httpd_enable_homedirs 1 > setsebool -P httpd_read_user_content 1 > I happen to have a personal use web server running out of /home/httpd > and I would rather leave it there since /home is a partition. The > point being that I am fine with running the basic allows that SELinux > Troubleshooter identified when I first enabled it. Ok, seems that `dnf reinstall` might have been the issue. I am back up with SELinux enforcing after: dnf remove selinux-policy selinux-policy-targeted rm -rf /etc/selinux touch /.autorelabel I first booted to the recent/current kernel and all was good with crontabs still blocked as expected so I rebooted to 4.2.8-300 and now all is working and SELinux is back in the picture. Will now wait for the bug to be fixed. -- Doug H. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
