EL8: SElinux / dac_override / tmpwatch




Hi, I'm moving some old stuff from EL6 to EL8 and one setup has a
cron job which uses "tmpwatch -umc $dir" to clean some directories
(/etc/cron.daily/tmpwatch). It seems that this triggers this AVC
(SELinux mode is enforcing):

type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override } for pid=11013 comm="tmpwatch" capability=1 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tclass=capability permissive=0

The tmpwatch exec line had "--force" before and I was hoping that this
"capability" was the cause and deleted it, but this night the AVCs are still appearing.

Is cron running in EL8 with stripped CAPs? Does someone have an
idea to address this?

--
Thanks,
Leon





_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
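
As an added example (not part of the original post), the AVC record quoted above can be split into its fields with a short Python parser, which makes the denied permission, the domain and the enforcement state easier to read. The function names are hypothetical; the only input is the record from the post.

```python
import re
from datetime import datetime, timezone

# The AVC record quoted in the post above, copied verbatim.
SAMPLE = ('type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override } '
          'for pid=11013 comm="tmpwatch" capability=1 '
          'scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 '
          'tcontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 '
          'tclass=capability permissive=0')

HEADER = re.compile(
    r'msg=audit\((\d+)\.(\d+):(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    # user:role:type:level; the level may itself contain ':' (s0-s0:c0.c1023)
    user, role, type_, level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_, 'level': level}

def parse_avc(line):
    m = HEADER.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    secs, frac, serial, result, perms = m.groups()
    # key=value pairs that follow the "{ ... }" permission set
    kv = {k: v.strip('"') for k, v in PAIR.findall(line[m.end():])}
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc).replace(
        microsecond=int(frac.ljust(6, '0')[:6]))
    return {
        'time': when, 'serial': int(serial), 'result': result,
        'perms': perms.split(), 'pid': int(kv['pid']), 'comm': kv['comm'],
        'source': split_context(kv['scontext']),
        'target': split_context(kv['tcontext']),
        'tclass': kv['tclass'],
        'enforced': kv.get('permissive') == '0',
        # In this record the process is checked against its own context.
        'self_capability': kv['tclass'].startswith('capability')
                           and kv['scontext'] == kv['tcontext'],
    }

def summarize(rec):
    mode = 'enforced' if rec['enforced'] else 'permissive, logged only'
    return '%s %s (pid %d) in domain %s: %s { %s } on class %s (%s)' % (
        rec['time'].isoformat(), rec['comm'], rec['pid'], rec['source']['type'],
        rec['result'], ' '.join(rec['perms']), rec['tclass'], mode)

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```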


