RHEL5 + strict policy: Unprivileged user cron - "Unauthorized SELinux context"

Aleksander Adamowski aleksander.adamowski.fedora at altkom.pl
Wed Nov 28 20:16:19 UTC 2007


Hi!

I'm using selinux-policy-strict-2.4.6-30.el5.

I've added a job to apache's crontab (crontab -e -u apache).

Now I can see those errors in /var/log/cron:

crond[27249]: (apache) Unauthorized SELinux context, but SELinux in 
permissive mode, continuing (cron/apache)
crond[29358]: (apache) NULL security context for user, but SELinux in 
permissive mode, continuing ()


Google search found a suggestion that FC6 cron policy is broken, 
resulting in similar symptoms (but for root instead of apache user), but 
what about RHEL5?

I've also added a simple apache cronjob that simply writes output from 
"id -Z" to a file in /tmp and it has written the following context data:

root:system_r:crond_t:SystemLow-SystemHigh

Why is the user root? Shouldn't it be user_u or system_u or something 
like that?

-- 
Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl




More information about the fedora-selinux-list mailing list