Bug 1105759
| Summary: | SELinux is preventing /usr/bin/crontab access for backintime (read and write) | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Raphael Groner <projects.rg> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, mmaslano, pertusus, tmraz | ||||||
| Target Milestone: | --- | Keywords: | SELinux | ||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2015-01-03 19:12:26 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Comment on attachment 903063 [details]
description write
write access forbidden
Created attachment 903064 [details]
description read
read access forbidden
Not sure what to blame … backintime, cronie or even selinux? I guess you should blame your setting or backintime. Cronie is using special setting for SElinux and you shouldn't policies for it. What directory is crontab trying to write? Does restorecon -R -v /var/spool change any labels? It is no persistent solution to use restorecon cause /var/spool is mounted as tmpfs. $ mount |grep spool tmpfs on /var/spool type tmpfs (rw,relatime,rootcontext=system_u:object_r:var_spool_t:s0,seclabel,size=367520k,gid=7) Did you use a context mount option? |
Created attachment 903063 [details] description write Description of problem: Backintime runs as root and I changed some settings in the configuration dialog. SELinux is preventing /usr/bin/crontab from 'write' accesses on the directory . Version-Release number of selected component (if applicable): backintime-gnome-1.0.34-1.fc20.noarch selinux-policy-3.13.1-55.fc20.noarch cronie-1.4.11-4.fc20.x86_64 How reproducible: yes Steps to Reproduce: 1. start Backintime as root 2. open the settings dialog 3. Actual results: SELinux reports an alert Expected results: no alert Additional info: