On Tue, 25 Jan 2005 12:10:52 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> Ok, you need to change the policy for crond.te > > --- crond.te~ 2005-01-21 16:16:11.000000000 -0500 > +++ crond.te 2005-01-25 12:04:52.000000000 -0500 > @@ -19,5 +19,5 @@ > type sysadm_cron_spool_t, file_type, sysadmfile; > type crond_log_t, file_type, sysadmfile; > type crond_var_run_t, file_type, sysadmfile; > -domain_auto_trans(initrc_t, crond_exec_t, crond_t) > -domain_auto_trans(initrc_t, anacron_exec_t, crond_t) > +domain_auto_trans(initrc_t, crond_exec_t, unconfined_t) > +domain_auto_trans(initrc_t, anacron_exec_t, unconfined_t) > > I will update policy and throw it out on people. > > selinux-policy-targeted-1.21.3-2 > I updated to selinux-policy-targeted-1.21.3-3 and I think I'm still seeing this problem: Jan 26 08:33:18 localhost kernel: audit(1106757198.533:0): security_compute_sid: invalid context user_u:system_r:system_crond_t for scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:crond_exec_t tclass=process Jan 26 08:33:20 localhost kernel: audit(1106757200.158:0): security_compute_sid: invalid context user_u:system_r:system_crond_t for scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:anacron_exec_t tclass=process Jan 26 08:33:20 localhost kernel: audit(1106757200.370:0): security_compute_sid: invalid context user_u:system_r:system_crond_t for scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:crond_exec_t tclass=process Jan 26 08:33:29 localhost fstab-sync[3279]: removed all generated mount points crond.te says: type crond_var_run_t, file_type, sysadmfile; domain_auto_trans(initrc_t, crond_exec_t, system_crond_t) domain_auto_trans(initrc_t, anacron_exec_t, system_crond_t) unconfined_domain(system_crond_t) tom tom -- Tom London
