Cron mail problem with FC6/strict

Ted Rule ejtr at
Sun Feb 18 17:36:29 UTC 2007

On Sat, 2007-02-17 at 21:42 +0000, Ted Rule wrote:
> If so, the workround is presumably for crond to double fork before
> invoking the Job. i.e inside crond, do_command() would call
> child_process(), which would then setexeccon(), then fork() AGAIN to
> drop into the new security context as set by setexeccon(), and only then
> build all the pipes and the greatgrandchild Job process and sendmail
> processes themselves.

Doh. Of course I now realise that a double fork won't help because the
setexecon only affects exec() behaviour, not fork(). So I'm back to
working round the problem with my wrapper script to indirectly launch

Ted Rule

Director, Layer3 Systems Ltd


More information about the fedora-selinux-list mailing list