-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jouni Viikari wrote: > On Mon, 19 Nov 2007, Daniel J Walsh wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Jouni Viikari wrote: >>> Is it possible to run crontab job as a root any more on FC8? I get this >>> in /var/log/cron and job is not run: >>> >>> ... crond[2511]: (root) Unauthorized SELinux context (cron/root) >>> >>> >>> Thanks, >>> >>> Jouni >>> >>> >>> # ls -lZ /var/spool/cron/ >>> -rw------- root root system_u:object_r:unconfined_cron_spool_t root >>> >>> # rpm -qa | grep selinux-policy-targeted >>> selinux-policy-targeted-3.0.8-53.fc8 >>> >>> I just tried my luck (just guessing): >>> >>> # chcon -t sysadm_crond_t /var/spool/cron/root >>> chcon: failed to change context of /var/spool/cron/root to >>> system_u:object_r:sysadm_crond_t: Permission denied >>> >>> -- >>> fedora-selinux-list mailing list >>> fedora-selinux-list@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> Fixed in selinux-policy-3.0.8-56 > > Did not solve it: > > crond[2511]: (root) Unauthorized SELinux context(cron/root). > > # rpm -qa | grep selinux-policy > selinux-policy-targeted-3.0.8-56.fc8 > selinux-policy-3.0.8-56.fc8 > > > BTW, I wonder how to fix this message which is continuously popping up > in the right way? Which version is correct: > > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different > specifications for /var/lib/awstats(/.*)? > (system_u:object_r:httpd_sys_script_rw_t:s0 and > system_u:object_r:awstats_var_lib_t:s0). > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different > specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)? > (system_u:object_r:httpd_sys_script_exec_t:s0 and > system_u:object_r:httpd_awstats_script_exec_t:s0). These looks like you did some local customization of these directrories. I would remove your local mods. semanage fcontext -d '/usr/share/awstats/wwwroot/cgi-bin(/.*)?' semanage fcontext -d '/var/lib/awstats(/.*)?' I would almost always go with the more specific. :^) > > > Just noticed that it looks like also my SquirrelMail is broken: > > avc: denied { search } for comm=sendmail dev=dm-0 egid=51 euid=48 > exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0 > name=mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 sgid=51 > subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir > tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48 > > avc: denied { getattr } for comm=sendmail dev=dm-0 egid=51 euid=48 > exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0 > path=/etc/mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 > sgid=51 > subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir > tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48 > > avc: denied { create } for comm=sendmail egid=51 euid=48 > exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0 > pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 sgid=51 > subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 > tclass=unix_dgram_socket > tcontext=system_u:system_r:httpd_sys_script_t:s0 tty=(none) uid=48 > setsebool -P http_can_sendmail 1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHRFSWrlYvE4MpobMRAtUOAJ9vqkqyDyJyiRLoJlbhvGvvfTgB9gCfUKgA N7vFvYgvjAgAkDjk88qst9s= =uIyS -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
