avc denied messages from system cron
Richard Hally
rhallyx at mindspring.com
Mon Jun 14 06:01:04 UTC 2004
While running the 427 kernel in enforcing mode and
selinux-policy-strict-1.13.4-5,
the following avc denied messages occur from the system cron hourly job:
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc: denied { read } for pid=3306 exe=/bin/bash name=mtab dev=hda2 ino=869481 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc: denied { getattr } for pid=3306 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.792:0): avc: denied { getattr } for pid=3306 exe=/bin/bash path=/usr/bin/run-parts dev=hda2 ino=55784 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t tclass=file
HTH
Richard Hally
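
Added example (not part of the message above and not code from the SELinux project): a short Python parser that reduces the three denials quoted in the message to source type, target type, object class and permissions, and renders them in allow-rule form so they can be compared against the policy. The function names are illustrative; the sample lines are the ones from the message with the e-mail line wraps joined.

```python
import re
from collections import defaultdict

# The three denials from the message, with e-mail line wraps joined.
SAMPLE = """\
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc: denied { read } for pid=3306 exe=/bin/bash name=mtab dev=hda2 ino=869481 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc: denied { getattr } for pid=3306 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.792:0): avc: denied { getattr } for pid=3306 exe=/bin/bash path=/usr/bin/run-parts dev=hda2 ino=55784 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus 'perms', or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    fields["perms"] = m.group(1).split()
    return fields

def type_of(context):
    """Extract the type from a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        grouped[key].update(rec["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

def as_rules(summary):
    """Render each group in allow-rule syntax, for review against the policy."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {p};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

All three denials share the source type crond_t, which suggests the hourly job's shell stayed in the cron daemon's domain rather than moving to a separate domain for system cron jobs.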