avc denied messages from system cron

Richard Hally rhallyx at mindspring.com
Mon Jun 14 06:01:04 UTC 2004


While running the 427 kernel in enforcing mode and selinux-policy-strict-1.13.4-5, the following avc denied messages occur from the system cron hourly job:


Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc:  denied  { read } for  pid=3306 exe=/bin/bash name=mtab dev=hda2 ino=869481 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc:  denied  { getattr } for  pid=3306 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.792:0): avc:  denied  { getattr } for  pid=3306 exe=/bin/bash path=/usr/bin/run-parts dev=hda2 ino=55784 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t tclass=file


HTH
Richard Hally
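
Added example (not part of the original message and not code from any SELinux tool): a small Python parser for kernel AVC lines like the three above, grouping denials by source type, target type and object class to show what crond_t was refused. The function names are hypothetical; the sample log is the message's own three lines with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# The three denials from the message above, e-mail line wrapping undone.
SAMPLE_LOG = """\
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc:  denied  { read } for  pid=3306 exe=/bin/bash name=mtab dev=hda2 ino=869481 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.748:0): avc:  denied  { getattr } for  pid=3306 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
Jun 13 22:01:00 new2 kernel: audit(1087178460.792:0): avc:  denied  { getattr } for  pid=3306 exe=/bin/bash path=/usr/bin/run-parts dev=hda2 ino=55784 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t tclass=file
"""

# audit(<epoch>:<serial>): avc:  denied  { perm ... } for  key=value ...
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)

def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # Assumes values contain no spaces, which holds for the lines above.
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    rec["result"] = m.group("result")
    rec["timestamp"] = float(m.group("ts"))
    return rec

def type_of(context):
    """Extract the type from a user:role:type security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) to denied perms and objects."""
    perms, objects = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        perms[key].update(rec["perms"])
        # The kernel logs either path= or name= depending on the hook.
        objects[key].add(rec.get("path") or rec.get("name") or "?")
    return {k: {"perms": sorted(perms[k]), "objects": sorted(objects[k])} for k in perms}

if __name__ == "__main__":
    for (src, tgt, cls), info in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {info['perms']} on {info['objects']}")
```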


