Bug 354971

Summary: SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (unconfined_t).
Product: [Fedora] Fedora
Reporter: Dave Jones <davej>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: low
Priority: low
Version: rawhide
CC: pfrields
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-10-29 21:20:13 UTC
Bug Blocks: 235703

Description Dave Jones 2007-10-27 00:14:14 UTC
Logged into a freshly installed rawhide, and saw an AVC waiting for me.

Additional Information

Source Context:  system_u:system_r:crond_t:s0-s0:c0.c1023
Target Context:  unconfined_u:system_r:unconfined_t:s0
Target Objects:  /bin/bash [ process ]
Affected RPM Packages:  vixie-cron-4.2-3.fc8 [application] bash-3.2-18.fc8 [target]
Policy RPM:  selinux-policy-3.0.8-28.fc8
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall
Host Name:  gridlock
Platform:  Linux gridlock 2.6.23.1-26.fc8 #1 SMP Thu Oct 18 17:19:23 EDT 2007 x86_64 x86_64
Alert Count:  1
First Seen:  Fri 26 Oct 2007 08:01:01 PM EDT
Last Seen:  Fri 26 Oct 2007 08:01:01 PM EDT
Local ID:  a229a7c1-034a-47e4-8e5f-53b711ee1be1
Line Numbers:

Raw Audit Messages :

avc: denied { transition } for comm=crond dev=dm-0 egid=0 euid=0 exe=/usr/sbin/crond exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/bin/bash pid=3786 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 suid=0 tclass=process tcontext=unconfined_u:system_r:unconfined_t:s0 tty=(none) uid=0

Comment 1 Daniel Walsh 2007-10-27 10:33:49 UTC
Fixed in selinux-policy-3.0.8-36.fc8

Comment 2 Jeremy Katz 2007-10-29 21:20:13 UTC
Not seeing this anymore with -40