Should cron jobs be allowed to access the user's X session?
Aleksey Nogin
aleksey at nogin.org
Sat Mar 20 07:54:37 UTC 2004
I have a cron job that pops up a "reminder" message in my X session
(provided I have one at that time). Should this be allowed? I am getting:
audit(1079766600.874:0): avc: denied { getattr } for pid=5767
exe=/usr/bin/python path=/home dev=hda2 ino=3777313
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:home_root_t tclass=dir
audit(1079766600.915:0): avc: denied { getsched } for pid=5767
exe=/usr/bin/python scontext=aleksey:staff_r:staff_crond_t
tcontext=aleksey:staff_r:staff_crond_t tclass=process
audit(1079766601.549:0): avc: denied { search } for pid=5767
exe=/usr/bin/python name=.X11-unix dev=hda2 ino=229366
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=dir
audit(1079766601.550:0): avc: denied { write } for pid=5767
exe=/usr/bin/python name=X0 dev=hda2 ino=229060
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=sock_file
audit(1079766601.576:0): avc: denied { connectto } for pid=5767
exe=/usr/bin/python path=/tmp/.X11-unix/X0
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:system_r:xdm_xserver_t tclass=unix_stream_socket
audit(1079766601.576:0): avc: denied { read } for pid=5767
exe=/usr/bin/python name=.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
audit(1079766601.577:0): avc: denied { getattr } for pid=5767
exe=/usr/bin/python path=/home/aleksey/.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
audit(1079766602.836:0): avc: denied { search } for pid=5767
exe=/usr/bin/python name=fonts dev=hda2 ino=114501
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:fonts_t tclass=dir
audit(1079766602.883:0): avc: denied { read } for pid=5767
exe=/usr/bin/python name=fonts.cache-1 dev=hda2 ino=114575
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:fonts_t tclass=file
audit(1079766602.885:0): avc: denied { getattr } for pid=5767
exe=/usr/bin/python path=/usr/share/fonts dev=hda2 ino=114501
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:fonts_t tclass=dir
audit(1079766602.885:0): avc: denied { getattr } for pid=5767
exe=/usr/bin/python path=/usr/share/fonts/fonts.cache-1 dev=hda2
ino=114575 scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:fonts_t tclass=file
audit(1079766603.005:0): avc: denied { read } for pid=5767
exe=/usr/bin/python name=OTF dev=hda2 ino=4366585
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:fonts_t tclass=dir
audit(1079767201.115:0): avc: denied { search } for pid=5794
exe=/usr/bin/python name=.X11-unix dev=hda2 ino=229366
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=dir
audit(1079767201.115:0): avc: denied { write } for pid=5794
exe=/usr/bin/python name=X0 dev=hda2 ino=229060
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=sock_file
audit(1079767201.116:0): avc: denied { read } for pid=5794
exe=/usr/bin/python name=.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
audit(1079767201.116:0): avc: denied { getattr } for pid=5794
exe=/usr/bin/python path=/home/aleksey/.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
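Added example, not part of the original message: a small Python parser that rejoins AVC records wrapped across lines, as in the log above, and groups the denied permissions by source type, target type and object class, so the repeated denials collapse into the distinct accesses the cron job attempted. The three sample records are copied from the message; the function names are this example's own.

```python
import re
from collections import defaultdict

# Three records copied from the message above, wrapped as in the archive.
SAMPLE = """\
audit(1079766601.550:0): avc: denied { write } for pid=5767
exe=/usr/bin/python name=X0 dev=hda2 ino=229060
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=sock_file
audit(1079766601.576:0): avc: denied { read } for pid=5767
exe=/usr/bin/python name=.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
audit(1079766601.577:0): avc: denied { getattr } for pid=5767
exe=/usr/bin/python path=/home/aleksey/.Xauthority dev=hda2 ino=311184
scontext=aleksey:staff_r:staff_crond_t
tcontext=system_u:object_r:staff_home_xauth_t tclass=file
"""

RECORD_START = re.compile(r"^audit\(\d+\.\d+:\d+\):")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            records.append(line)           # a new audit record begins
        elif records and line:
            records[-1] += " " + line      # continuation of the previous one
    return records

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions.
    Contexts are user:role:type, so the type is the third field."""
    summary = defaultdict(set)
    for rec in unwrap(text):
        m = PERMS.search(rec)
        f = dict(FIELD.findall(rec))
        if not m or not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue                       # not a complete AVC denial
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        summary[key].update(m.group(1).split())
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```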