On 04/15/2009 06:28 PM, Antonio Olivares wrote:
--- On Wed, 4/15/09, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:
From: Daniel J Walsh<dwalsh@xxxxxxxxxx>
Subject: Re: selinux and crontab one-more-time
To: olivares14031@xxxxxxxxx
Cc: fedora-selinux-list@xxxxxxxxxx
Date: Wednesday, April 15, 2009, 6:09 AM
On 04/15/2009 08:38 AM, Antonio Olivares wrote:
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I tried everything you described and it worked
fine. THe
unconfined_t:unix_stream_socket is coming from the
leaked
file
descriptor in Konsole, I believe.
It is working, but on the other machine I can't
edit crontab. Only on this one. But why do I see this
message?
Thanks,
Antonio
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is the other machine fully upgraded to the latest policy?
Make sure the
policy installed successfully.
yum reinstall selinux-policy-targeted
The message is caused by leaks in file descriptors within
Konsole.
[olivares@riohigh ~]$ whoami
olivares
[olivares@riohigh ~]$ crontab -l
cron/olivares: Permission denied
[olivares@riohigh ~]$ crontab -e
cron/olivares: Permission denied
[olivares@riohigh ~]$ dmesg | grep 'avc'
[olivares@riohigh ~]$ rpm -qa selinux-policy-targeted
selinux-policy-targeted-3.6.12-4.fc11.noarch
Doing the steps you outlined.
[root@riohigh ~]# yum reinstall selinux-policy-targeted
Setting up Reinstall Process
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.6.12-4.fc11 set to be erased
---> Package selinux-policy-targeted.noarch 0:3.6.12-4.fc11 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
selinux-policy-targeted noarch 3.6.12-4.fc11 rawhide 2.1 M
Removing:
selinux-policy-targeted noarch 3.6.12-4.fc11 installed 2.3 M
Transaction Summary
================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 1 Package(s)
Total download size: 2.1 M
Is this ok [y/N]: y
Downloading Packages:
selinux-policy-targeted-3.6.12-4.fc11.noarch.rpm | 2.1 MB 00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing : selinux-policy-targeted 1/2
Installing : selinux-policy-targeted 1/2
Removed:
selinux-policy-targeted.noarch 0:3.6.12-4.fc11
Installed:
selinux-policy-targeted.noarch 0:3.6.12-4.fc11
Complete!
makes no difference :(, Can't modify my crontab to change certain things.
[olivares@riohigh ~]$ crontab -l
cron/olivares: Permission denied
[olivares@riohigh ~]$ crontab -e
cron/olivares: Permission denied
Regards,
Antonio
Putting the machine in permssive mode you are able to execute these
commands?
No avc messages about crontab, other then the leaked file descritptor?
# ls -lZ /var/spool/cron
Could you try to add a custom policy to allow the avc's about
unconfined_t and see if the crontab command works.
# grep crontab /var/log/audit/audit.log | audit2allow -m mycrontab
# semodule -i mycrontab.pp
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
