Cron mail problem with FC6/strict
Ted Rule
ejtr at layer3.co.uk
Sun Feb 18 17:36:29 UTC 2007
On Sat, 2007-02-17 at 21:42 +0000, Ted Rule wrote:
> If so, the workround is presumably for crond to double fork before
> invoking the Job. i.e inside crond, do_command() would call
> child_process(), which would then setexeccon(), then fork() AGAIN to
> drop into the new security context as set by setexeccon(), and only then
> build all the pipes and the greatgrandchild Job process and sendmail
> processes themselves.
Doh. Of course I now realise that a double fork won't help because the
setexecon only affects exec() behaviour, not fork(). So I'm back to
working round the problem with my wrapper script to indirectly launch
sendmail.
--
Ted Rule
Director, Layer3 Systems Ltd
W: http://www.layer3.co.uk/
More information about the fedora-selinux-list
mailing list