Re: Cron after upgrade (FC6 -> FC8)

Jouni Viikari <jouni@xxxxxxxxxxxx> · Wed, 21 Nov 2007 12:53:33 +0200 (EET)

On Mon, 19 Nov 2007, Daniel J Walsh wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jouni Viikari wrote:
Is it possible to run crontab job as a root any more on FC8?  I get this
in /var/log/cron and job is not run:

 ... crond[2511]: (root) Unauthorized SELinux context (cron/root)

Thanks,

Jouni

# ls -lZ /var/spool/cron/
-rw-------  root root system_u:object_r:unconfined_cron_spool_t root

# rpm -qa | grep selinux-policy-targeted
selinux-policy-targeted-3.0.8-53.fc8

I just tried my luck (just guessing):

# chcon -t sysadm_crond_t /var/spool/cron/root
chcon: failed to change context of /var/spool/cron/root to
system_u:object_r:sysadm_crond_t: Permission denied

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Fixed in selinux-policy-3.0.8-56

Did not solve it:

crond[2511]: (root) Unauthorized SELinux context(cron/root).

# rpm -qa | grep selinux-policy
selinux-policy-targeted-3.0.8-56.fc8
selinux-policy-3.0.8-56.fc8

BTW, I wonder how to fix this message which is continuously popping up in 
the right way?  Which version is correct:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/lib/awstats(/.*)?
(system_u:object_r:httpd_sys_script_rw_t:s0 and
system_u:object_r:awstats_var_lib_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
(system_u:object_r:httpd_sys_script_exec_t:s0 and
system_u:object_r:httpd_awstats_script_exec_t:s0).

Just noticed that it looks like also my SquirrelMail is broken:

avc: denied { search } for comm=sendmail dev=dm-0 egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
name=mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 
sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir
tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48

avc: denied { getattr } for comm=sendmail dev=dm-0 egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
path=/etc/mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 
sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir
tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48

avc: denied { create } for comm=sendmail egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 
tclass=unix_dgram_socket
tcontext=system_u:system_r:httpd_sys_script_t:s0 tty=(none) uid=48

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list