Cron after upgrade (FC6 -> FC8)
Jouni Viikari
jouni at viikarit.com
Wed Nov 21 10:53:33 UTC 2007
On Mon, 19 Nov 2007, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jouni Viikari wrote:
>> Is it possible to run crontab job as a root any more on FC8? I get this
>> in /var/log/cron and job is not run:
>>
>> ... crond[2511]: (root) Unauthorized SELinux context (cron/root)
>>
>>
>> Thanks,
>>
>> Jouni
>>
>>
>> # ls -lZ /var/spool/cron/
>> -rw------- root root system_u:object_r:unconfined_cron_spool_t root
>>
>> # rpm -qa | grep selinux-policy-targeted
>> selinux-policy-targeted-3.0.8-53.fc8
>>
>> I just tried my luck (just guessing):
>>
>> # chcon -t sysadm_crond_t /var/spool/cron/root
>> chcon: failed to change context of /var/spool/cron/root to
>> system_u:object_r:sysadm_crond_t: Permission denied
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Fixed in selinux-policy-3.0.8-56
Did not solve it:
crond[2511]: (root) Unauthorized SELinux context(cron/root).
# rpm -qa | grep selinux-policy
selinux-policy-targeted-3.0.8-56.fc8
selinux-policy-3.0.8-56.fc8
BTW, I wonder how to fix this message which is continuously popping up in
the right way? Which version is correct:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/lib/awstats(/.*)?
(system_u:object_r:httpd_sys_script_rw_t:s0 and
system_u:object_r:awstats_var_lib_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
(system_u:object_r:httpd_sys_script_exec_t:s0 and
system_u:object_r:httpd_awstats_script_exec_t:s0).
Just noticed that it looks like also my SquirrelMail is broken:
avc: denied { search } for comm=sendmail dev=dm-0 egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
name=mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0
sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir
tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48
avc: denied { getattr } for comm=sendmail dev=dm-0 egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
path=/etc/mail pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0
sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48 tclass=dir
tcontext=system_u:object_r:etc_mail_t:s0 tty=(none) uid=48
avc: denied { create } for comm=sendmail egid=51 euid=48
exe=/usr/sbin/sendmail.sendmail exit=-13 fsgid=51 fsuid=48 gid=48 items=0
pid=4066 scontext=system_u:system_r:httpd_sys_script_t:s0 sgid=51
subj=system_u:system_r:httpd_sys_script_t:s0 suid=48
tclass=unix_dgram_socket
tcontext=system_u:system_r:httpd_sys_script_t:s0 tty=(none) uid=48
More information about the fedora-selinux-list
mailing list