Bug 1299117

Summary: SELinux prevents cron from running after reboot
Product: [Fedora] Fedora Reporter: André Martins <aanm90>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 23CC: dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, reklov, tim
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-17 00:29:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description André Martins 2016-01-16 02:20:01 UTC 
Description of problem:
SELinux prevents cron from running after reboot


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-158.fc23.noarch

How reproducible:
Always

Steps to Reproduce:
1. Write a file with the following contents "@reboot echo "disable" > /sys/firmware/acpi/interrupts/gpe06" under "-rw-------. 1 root root 61 Sep 13 15:21 /var/spool/cron/root"
2. Reboot the machine
3. do # tail /var/log/cron

Actual results:
Jan 15 22:49:19 aanm-MBP crond[1591]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 38% if used.)
Jan 15 22:49:19 aanm-MBP crond[1591]: (root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
Jan 15 22:49:19 aanm-MBP crond[1591]: (root) FAILED (loading cron table)
Jan 15 22:49:19 aanm-MBP crond[1591]: (CRON) INFO (running with inotify support)


Expected results:
Non failures
Comment 1 Volker Sobek 2016-01-16 17:18:23 UTC 
Might be the same as https://bugzilla.redhat.com/show_bug.cgi?id=1298192
Comment 2 André Martins 2016-01-17 00:29:52 UTC 

*** This bug has been marked as a duplicate of bug 1298192 ***