I am about to pull what little is left of my hair out. I decided to upgrade from FC1 to FC2 by pointing yum to a FC2 repository and upgrading all packages. This worked for the most part but I am having massive problems with SELinux. I am not sure that SELinux got setup properly. One of this biggest problems that I have is that crond now no longer runs. I have been following the Fedora SELinux FAQ to get up to speed with lots of google searches and watching this list but I have not been able to solve my problem. My first problem is that system crond is not running. My user crontab is running fine. So, my question is could someone help me 1.) Make sure my setup is correct. 2.) Get the correct policies setup (I am also having a problem with postfix, but I think if I get #1 then there is enough info on the web to solve that problem). Also, the reason I think there is a configuration problem was because when following the FAQ to add a user: ------------------------------ EXCERPT: http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/index.html#id3004455 Q: How can I create a new Linux user account with the user's home directory having the proper context? A: You can create your new user with the standard useradd command, but first you must become root with a context of sysadm_r. This context switch has been incorporated into the su command: %>su - root Your default context is root:sysadm_r:sysadm_t. Do you want to choose a different one? [n] n %>useradd auser %>ls -Z /home drwxr-xr-x auser auser root:object_r:user_home_dir_t /home/auser ------------------------------ So I thought if I ran ls -Z /home I would get a similar result? ------------------------------ OUTPUT: ls -Z /home drwxr--r--+ <user> <group> (null) <user> Also, I get the (null) report on all directories in /root. ------------------------------ OUTPUT: sudo /usr/sbin/sestatus -v SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Policy version: 17 Policy booleans: user_ping inactive Process contexts: Current context: user_u:sysadm_r:sysadm_t Init context: system_u:system_r:kernel_t /sbin/mingetty system_u:system_r:kernel_t /usr/sbin/sshd system_u:system_r:kernel_t File contexts: Controlling term: user_u:object_r:devpts_t ----------------- EXCERPT: /var/log/messages Jul 12 12:00:00 sun kernel: audit(1089651600.583:0): avc: denied { compute_user } for pid=27396 exe=/usr/sbin/crond scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security Jul 12 12:00:00 sun kernel: audit(1089651600.584:0): avc: denied { compute_av } for pid=27396 exe=/usr/sbin/crond scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security Jul 12 12:00:00 sun kernel: audit(1089651600.586:0): avc: denied { check_context } for pid=27396 exe=/usr/sbin/crond scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security Jul 12 12:00:00 sun kernel: audit(1089651600.586:0): avc: denied { write } for pid=27396 exe=/usr/sbin/crond name=exec dev=proc ino=1795424277 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=file Jul 12 12:00:00 sun kernel: audit(1089651600.587:0): avc: denied { setexec } for pid=27396 exe=/usr/sbin/crond scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=process Jul 12 12:00:00 sun kernel: audit(1089651600.587:0): avc: denied { transition } for pid=27396 exe=/usr/sbin/crond path=/bin/bash dev=hda3 ino=3850263 scontext=system_u:system_r:kernel_t tcontext=user_u:sysadm_r:sysadm_t tclass=process Jul 12 12:00:00 sun kernel: audit(1089651600.590:0): avc: denied { siginh } for pid=27396 exe=/bin/bash scontext=system_u:system_r:kernel_t tcontext=user_u:sysadm_r:sysadm_t tclass=process Jul 12 12:00:00 sun kernel: audit(1089651600.590:0): avc: denied { rlimitinh } for pid=27396 exe=/bin/bash scontext=system_u:system_r:kernel_t tcontext=user_u:sysadm_r:sysadm_t tclass=process Jul 12 12:00:00 sun kernel: audit(1089651600.590:0): avc: denied { noatsecure } for pid=27396 exe=/bin/bash scontext=system_u:system_r:kernel_t tcontext=user_u:sysadm_r:sysadm_t tclass=process Jul 12 12:00:01 sun kernel: audit(1089651601.074:0): avc: denied { execute } for pid=27400 exe=/usr/sbin/crond name=sendmail.postfix dev=hda3 ino=3391852 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sendmail_exec_t tclass=file Jul 12 12:00:01 sun kernel: audit(1089651601.074:0): avc: denied { execute_no_trans } for pid=27400 exe=/usr/sbin/crond path=/usr/sbin/sendmail.postfix dev=hda3 ino=3391852 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sendmail_exec_t tclass=file
