Bug 120912

Summary: crond will ignore mailman crontab in SELinux enforcing mode if mailman was installed in a non-SELinux configuration
Product: [Fedora] Fedora Reporter: Nalin Dahyabhai <nalin>
Component: mailmanAssignee: John Dennis <jdennis>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-08-09 23:15:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nalin Dahyabhai 2004-04-15 05:55:08 UTC 
Description of problem:
The SELinux policy doesn't allow crond to read unlabeled files.  This
means that on a system which was not running an SELinux kernel (or
which was, but had SELinux disabled) when mailman was installed, the
crontab (which would be installed unlabeled) will be ignored.

Version-Release number of selected component (if applicable):
mailman-2.1.4-2

How reproducible:
Every time.

Steps to Reproduce:
1. Boot with selinux=0
2. Install mailman
3. Reboot with selinux=1 enforcing=1, relabeling if necessary
  
Actual results:
Audit messages indicating that crond couldn't read mailman's crontab

Expected results:
No audit messages, mailman cron jobs running.

Additional info:
crond supports reading system cron jobs from files stored in
/etc/cron.d.  If we installed the mailman crontab there instead, it
could be included directly in the package payload (and tracked by
RPM), plus we wouldn't need to run crontab in %post.  The format is a
little different, but it can be produced at build-time with little
difficulty.
Comment 2 John Dennis 2004-08-09 23:15:17 UTC 
fixed as of mailman-2.1.5-10, crontab is no longer used, instead we
install a cron script in /etc/cron.d