mailman, cron, /bin/sh (more on Re: restorecon vs. setfiles???)

Stephen Smalley sds at epoch.ncsc.mil
Mon May 24 12:17:14 UTC 2004


On Fri, 2004-05-21 at 16:30, Tom London wrote:
> I did a FC2 install 'everything' and that seems to have turned on mailman
> cron entries. Unfortunately, the one that runs /var/mailman/cron/gate_news
> (every 5 minutes!) fails and sends email to email with the report:

>     May 21 12:00:00 dell kernel: audit(1085166000.890:0): avc:  denied  
> { transition } for     pid=7796 exe=/usr/sbin/crond path=/bin/bash 
> dev=hdb3 ino=376840 scontext=system_u:system_r:crond_t 
> tcontext=user_u:sysadm_r:sysadm_t tclass=process

crond shouldn't be attempting to transition to sysadm_t for a cron job. 
getconlist user_u system_u:system_r:crond_t shows a default of
user_u:user_r:user_crond_t.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
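
An added example, not part of the original message or of any SELinux tool: Python that parses the AVC denial quoted above and flags a crond_t process transition whose target context is not the expected default. The function names and the `EXPECTED` table are assumptions; its single entry is taken from the getconlist output in the reply.

```python
import re

# The denial quoted in the message above, with the e-mail line wrapping removed.
SAMPLE = ("May 21 12:00:00 dell kernel: audit(1085166000.890:0): avc:  denied  "
          "{ transition } for     pid=7796 exe=/usr/sbin/crond path=/bin/bash "
          "dev=hdb3 ino=376840 scontext=system_u:system_r:crond_t "
          "tcontext=user_u:sysadm_r:sysadm_t tclass=process")

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"timestamp": float(m["ts"]), "result": m["result"],
           "perms": m["perms"].split()}
    # The rest of the record is whitespace-separated key=value pairs.
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec

def context_type(ctx):
    """Return the type field of a user:role:type context."""
    return ctx.split(":")[2]

def unexpected_cron_transition(rec, expected_by_user):
    """Describe a crond_t transition to a non-default context, else None."""
    if rec is None or rec.get("tclass") != "process":
        return None
    if "transition" not in rec["perms"]:
        return None
    if context_type(rec["scontext"]) != "crond_t":
        return None
    user = rec["tcontext"].split(":")[0]
    expected = expected_by_user.get(user)
    if expected is None or rec["tcontext"] == expected:
        return None
    return {"pid": int(rec["pid"]), "got": rec["tcontext"], "expected": expected}

# Hypothetical lookup table; the entry is the default getconlist reported.
EXPECTED = {"user_u": "user_u:user_r:user_crond_t"}

if __name__ == "__main__":
    print(unexpected_cron_transition(parse_avc(SAMPLE), EXPECTED))
```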



