On Thu, 2024-09-12 at 10:51 +0100, Patrick O'Callaghan wrote: > On Thu, 2024-09-12 at 12:14 +0930, Tim via users wrote: > > On Wed, 2024-09-11 at 12:19 +0100, Patrick O'Callaghan wrote: > > > Turns out I don't need any of this. If I substitute my original crontab > > > line for one that simply calls a Shell script which in turn calls > > > apachectl, then it all works with no AVC. > > > > ENVironment differences? The crontab versus your shell's? Try dumping > > all the ENV variables to a text file, via crontab entry. > > The shell script is called directly from the crontab line, so > presumably the ENV variables are the same. In any case, this the > environment passed on: > > SHELL=/bin/sh > PWD=/root > LOGNAME=root > HOME=/root > LANG=en_GB.UTF-8 > USER=root > SHLVL=1 > PATH=/usr/bin:/bin:/usr/sbin:/sbin > _=/usr/bin/printenv > > There's nothing there that should affect SElinux. Looks like I was wrong. Using the shell script still produces the AVC, which for some reason I hadn't spotted. At least it's consistent. I suspect the real problem is that the cron line is running as root, but Apache wants to run as the apache user. I'll try using 'crontab -u apache ...' to see if that makes any difference. poc -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
