I am seeing the cron daemon request capability sys_admin. The below seems to indicate that vfork() is the relevant operation (190 seems to be vfork according to ia32entry.S). So how does vfork() require sys_admin?

type=AVC msg=audit(1234433821.879:6677): avc: denied { sys_admin } for pid=9598 comm="cron" capability=21 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=capability

type=SYSCALL msg=audit(1234433821.879:6677): arch=40000003 syscall=190 success=yes exit=9600 a0=0 a1=804ca00 a2=257e a3=0 items=0 ppid=3701 pid=9598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cron" exe="/usr/sbin/cron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
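Added example, not part of the original message: a Python script that pairs the AVC and SYSCALL records quoted above by their shared audit serial (6677) and decodes the numeric arch, syscall and capability fields. The function names are hypothetical, the lookup tables hold only the values that appear in this message, and the sample SYSCALL record is abridged.

```python
import re

# Sample input built from the two records in the message (SYSCALL record abridged).
SAMPLE = """\
type=AVC msg=audit(1234433821.879:6677): avc: denied { sys_admin } for pid=9598 comm="cron" capability=21 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=capability
type=SYSCALL msg=audit(1234433821.879:6677): arch=40000003 syscall=190 success=yes exit=9600 a0=0 a1=804ca00 a2=257e a3=0 items=0 ppid=3701 pid=9598 comm="cron" exe="/usr/sbin/cron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
"""

# Deliberately partial tables: only the values seen in this message.
ARCH = {0x40000003: "i386"}            # AUDIT_ARCH_I386
SYSCALLS = {("i386", 190): "vfork"}    # i386 syscall table entry 190
CAPS = {21: "sys_admin"}               # CAP_SYS_ADMIN

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{\s*([^}]*?)\s*\}')

def parse(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def explain(event):
    """Join one event's AVC and SYSCALL records into a decoded summary."""
    avc, sc = event.get("AVC"), event.get("SYSCALL")
    if not avc or not sc:
        return None  # a denial without its SYSCALL record cannot be attributed
    arch = ARCH.get(int(sc["arch"], 16), "unknown")
    return {
        "domain": avc["scontext"].split(":")[2],
        "perms": avc["perms"],
        "capability": CAPS.get(int(avc["capability"]), "unknown"),
        "syscall": SYSCALLS.get((arch, int(sc["syscall"])), "unknown"),
        "succeeded": sc["success"] == "yes",
        "exe": sc["exe"],
    }

if __name__ == "__main__":
    for serial, ev in parse(SAMPLE).items():
        print(serial, explain(ev))
```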