On Fri, 2013-05-24 at 08:28 +0100, Frank Murphy wrote: > The following showing up fron one box. > The box is enforcing, system-config-selinux shows as such. > What do I need to fix, or is cron meant to be permissive.? As for the "is cron meant to be permissive" question: # seinfo --permissive Permissive Types: 14 openvswitch_t systemd_localed_t virt_qemu_ga_t pkcsslotd_t realmd_t isnsd_t mandb_t rngd_t slpd_t smsd_t glusterd_t stapserver_t systemd_hostnamed_t sensord_t The answer, i guess, is: no cron should not be permissive As for what do i need to fix it, i am not sure. Could you grep -i selinux_err /var/log/audit/audit.log? > > > --------------------- Cron Begin ------------------------ > > > **Unmatched Entries** > NULL security context for user, but SELinux in permissive mode, > continuing () Unauthorized SELinux > context=unconfined_u:unconfined_r:unconfined_t:s0 > file_context=unconfined_u:object_r:user_cron_spool_t:s0 > (/var/spool/cron/root) SELinux in permissive mode, continuing > (/var/spool/cron/root) Unauthorized SELinux > context=unconfined_u:unconfined_r:unconfined_t:s0 > file_context=unconfined_u:object_r:user_cron_spool_t:s0 > (/var/spool/cron/root) SELinux in permissive mode, continuing > (/var/spool/cron/root) NULL security context for user, but SELinux in > permissive mode, continuing () NULL security context for user, but > SELinux in permissive mode, continuing () NULL security context for > user, but SELinux in permissive mode, continuing () NULL security > context for user, but SELinux in permissive mode, continuing () > ---------------------- Cron End ------------------------- > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
