targeted policy: crond_t now invalid for initrc_t ?

Tom London selinux at gmail.com
Wed Jan 26 16:42:54 UTC 2005


On Tue, 25 Jan 2005 12:10:52 -0500, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> Ok, you need to change the policy for crond.te
> 
> --- crond.te~   2005-01-21 16:16:11.000000000 -0500
> +++ crond.te    2005-01-25 12:04:52.000000000 -0500
> @@ -19,5 +19,5 @@
>  type sysadm_cron_spool_t, file_type, sysadmfile;
>  type crond_log_t, file_type, sysadmfile;
>  type crond_var_run_t, file_type, sysadmfile;
> -domain_auto_trans(initrc_t, crond_exec_t, crond_t)
> -domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
> +domain_auto_trans(initrc_t, crond_exec_t, unconfined_t)
> +domain_auto_trans(initrc_t, anacron_exec_t, unconfined_t)
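
Review bot: On the two added domain_auto_trans lines, the target type is switched to unconfined_t with no comment, and nothing in the hunk shows that a process started from initrc_t ends up with a user and role that are authorized for that target type. The kernel reports "invalid context" when the computed user:role:type combination is not permitted by the policy, so the change should come with whatever role and user authorization the new target needs, plus a one-line comment above the transitions saying that cron and anacron are deliberately left unconfined in this policy. The context lines keep crond_log_t and crond_var_run_t declared; say whether they are still needed once the daemons no longer run in crond_t.
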
> 
> I will update policy and throw it out on people.
> 
> selinux-policy-targeted-1.21.3-2
> 
I updated to selinux-policy-targeted-1.21.3-3 and I think I'm still
seeing this problem:

Jan 26 08:33:18 localhost kernel: audit(1106757198.533:0):
security_compute_sid:  invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.158:0):
security_compute_sid:  invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:anacron_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.370:0):
security_compute_sid:  invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:29 localhost fstab-sync[3279]: removed all generated mount points

crond.te says:
type crond_var_run_t, file_type, sysadmfile;
domain_auto_trans(initrc_t, crond_exec_t, system_crond_t)
domain_auto_trans(initrc_t, anacron_exec_t, system_crond_t)
unconfined_domain(system_crond_t)

tom

-- 
Tom London
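
An added example, not part of the original message or of the policy sources: it unwraps the security_compute_sid records quoted above and pairs each rejected context with the domain_auto_trans rule from crond.te that selected its type. The function names are hypothetical, and the sample input is two of the log records and the two rule lines copied from the message.

```python
import re

# Sample input: two wrapped log records and the crond.te lines quoted in the message.
SAMPLE_LOG = """\
Jan 26 08:33:18 localhost kernel: audit(1106757198.533:0):
security_compute_sid:  invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.158:0):
security_compute_sid:  invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:anacron_exec_t tclass=process
"""
SAMPLE_TE = """\
domain_auto_trans(initrc_t, crond_exec_t, system_crond_t)
domain_auto_trans(initrc_t, anacron_exec_t, system_crond_t)
"""

INVALID_RE = re.compile(
    r"security_compute_sid:\s+invalid context (\S+) for "
    r"scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
TRANS_RE = re.compile(r"domain_auto_trans\(\s*(\w+)\s*,\s*(\w+)\s*,\s*(\w+)\s*\)")

def parse_invalid_contexts(log_text):
    """Return one dict per 'invalid context' record, tolerating line wrapping."""
    flat = " ".join(log_text.split())  # undo the wrapping added by mail/syslog
    records = []
    for rejected, scon, tcon, tclass in INVALID_RE.findall(flat):
        records.append({
            "rejected": rejected,
            "source_type": scon.split(":")[2],
            "exec_type": tcon.split(":")[2],
            "tclass": tclass,
        })
    return records

def explain(log_text, te_text):
    """Pair each rejected context with the transition rule that chose its type."""
    rules = {(s, e): d for s, e, d in TRANS_RE.findall(te_text)}
    findings = []
    for rec in parse_invalid_contexts(log_text):
        target = rules.get((rec["source_type"], rec["exec_type"]))
        user, role, rtype = rec["rejected"].split(":")[:3]
        # (exec type, rule target, does the log type come from the rule, user:role)
        findings.append((rec["exec_type"], target, target == rtype, f"{user}:{role}"))
    return findings

if __name__ == "__main__":
    for exec_type, target, from_rule, user_role in explain(SAMPLE_LOG, SAMPLE_TE):
        print(f"{exec_type}: rule target={target}, matches log={from_rule}, rejected for {user_role}")
```

A True in the third field means the rejected type is exactly the one the transition rule names, so the thing to check in the policy is whether that user and role pair is authorized for the type.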



