On Thu, 30 Jul 2020 02:47:22 +0800 Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > > In the above, is PID 5954 the crond process? If you run ps with the > -Z option do you get something like > > [egreshko@f31k ~]$ ps p 821 -Z > LABEL PID TTY STAT TIME COMMAND > system_u:system_r:crond_t:s0-s0:c0.c1023 821 ? Ss 0:00 > /usr/sbin/crond -n LABEL PID TTY STAT TIME COMMAND system_u:system_r:crond_t:s0-s0:c0.c1023 3167 ? Ss 0:00 /usr/sbin/crond -n > Do you happen to have another F31 system which doesn't have dwatch > installed? All of my F31 systems are running cron jobs just fine and > they are all fully updated. No, but I removed dwatch from /etc/cron.d, and the behavior persists. I think I have something installed that you do not, though it is good to see that your systems are running fine. > Jul 30 02:01:01 f31k.greshko.com CROND[2417]: (root) CMD (run-parts > /etc/cron.hourly) Jul 30 02:01:01 f31k.greshko.com run-parts[2420]: > (/etc/cron.hourly) starting 0anacron Jul 30 02:01:01 f31k.greshko.com > run-parts[2428]: (/etc/cron.hourly) finished 0anacron If I boot with enforcing=0 as a kernel option, I see this happen. > > Do you think having dwatch installed may be significant? And, did > you mention that in the bugzilla? It sounds to me like an important > detail. No, I don't think dwatch is significant, it is just the job I noticed. It was running fine on July 25, I updated, and on reboot on July 26, I see this behavior. I think this is the problem: crond[5954]: (*system*) NULL security context for user, but SELinux in permissive mode, continuing () crond only starts and runs properly when selinux is disabled. It hasn't been updated since last year, selinux was last updated in June, and the container-selinux package doesn't seem to have anything to do with this even though it was updated on July 25. With enforcing 0, restart crond, no dwatch Jul 29 12:25:03 localhost.localdomain crond[12307]: (CRON) INFO (@reboot jobs will be run at computer's startup.) Jul 29 12:25:03 localhost.localdomain crond[12307]: (CRON) INFO (running with inotify support) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/0hourly) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/atop) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/moodle) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/mailman) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/rear) Jul 29 12:25:03 localhost.localdomain crond[12307]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/crontab) Jul 29 12:25:03 localhost.localdomain crond[12307]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 30% if used.) Jul 29 12:25:03 localhost.localdomain crond[12307]: (CRON) STARTUP (1.5.4) Jul 29 12:25:03 localhost.localdomain systemd[1]: Started Command Scheduler. Jul 29 12:25:03 localhost.localdomain systemd[1]: Stopped Command Scheduler. Jul 29 12:25:03 localhost.localdomain systemd[1]: crond.service: Succeeded. Jul 29 12:25:03 localhost.localdomain crond[11695]: (CRON) INFO (Shutting down) Jul 29 12:25:03 localhost.localdomain systemd[1]: Stopping Command Scheduler... With enforcing 1, restart crond, no dwatch Jul 29 12:25:47 localhost.localdomain crond[12324]: (CRON) INFO (@reboot jobs will be run at computer's startup.) Jul 29 12:25:47 localhost.localdomain crond[12324]: (CRON) INFO (running with inotify support) Jul 29 12:25:47 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:47 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/cron.d/0hourly) Jul 29 12:25:47 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:47 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/cron.d/atop) Jul 29 12:25:47 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:47 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/cron.d/moodle) Jul 29 12:25:46 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:46 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/cron.d/mailman) Jul 29 12:25:46 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:46 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/cron.d/rear) Jul 29 12:25:46 localhost.localdomain crond[12324]: (root) FAILED (loading cron table) Jul 29 12:25:46 localhost.localdomain crond[12324]: ((null)) No SELinux security context (/etc/crontab) Jul 29 12:25:46 localhost.localdomain crond[12324]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 28% if used.) Jul 29 12:25:46 localhost.localdomain crond[12324]: (CRON) STARTUP (1.5.4) Jul 29 12:25:46 localhost.localdomain systemd[1]: Started Command Scheduler. Jul 29 12:25:46 localhost.localdomain systemd[1]: Stopped Command Scheduler. Jul 29 12:25:46 localhost.localdomain systemd[1]: crond.service: Succeeded. Jul 29 12:25:46 localhost.localdomain crond[12307]: (CRON) INFO (Shutting down) Jul 29 12:25:46 localhost.localdomain systemd[1]: Stopping Command Scheduler... I think something (inadvertently) changed the selinux security context that crond is started with, systemd happily starts it in either case, ignoring any difference, but when it runs, the missing security context prevents it from actually performing its function. I reinstalled all the selinux components, and still the problem persists. I'm going to drop this for a while, see if anything comes to me. I have your workaround for the time being. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx