Bug 448367
Summary: | SELinux is preventing sshd (sshd_t) "search" to <Neznámé> (crond_t). | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||
Component: | cronie | Assignee: | Marcela Mašláňová <mmaslano> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | CC: | dwalsh, mcepl, pertusus, tmraz | ||||
Target Milestone: | --- | Keywords: | SELinux | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-05-28 07:49:29 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Matěj Cepl
2008-05-26 09:43:19 UTC
Cronie must call setkeycreatecon() with the context it uses when calling setexeccon(). This call has to be done before pam_open_session() is called. Please try test package at http://mmaslano.fedorapeople.org/cronie/ Note that you'll have to restart the computer so the keyring is recreated for the user. Also the cron job of the user must run before you log in to reproduce the problem. Created attachment 306685 [details] /var/log/audit/audit.log Using local rebuild of the src.rpm from comment 2, I don't get AVC denial on cronnie, but I get plenty of other AVC denials -- I have logged into slightly after 17:00 CEST. And no I haven't heard any sound on the whole hour (which I should). This is the output of crontab -e: [matej@hubmaier ~]$ crontab -l SHELL=/bin/bash MAILTO="" * 15 * * mon-fri curl -s http://www.cnb.cz/cz/financni_trhy/devizovy_trh/kurzy_devizoveho_trhu/denni_kurz.txt >$HOME/dnesni-kurs.txt 0 8-19 * * mon-fri gst-launch filesrc location=/home/matej/archiv/music/Pranks/Clock_Big_Ben_London.mp3 ! decodebin ! audioconvert ! volume volume=0.2 ! autoaudiosink >/dev/null 2>&1 # 10 4 * * * /home/matej/rpm/kompiliste/bitlbee/update.sh [matej@hubmaier ~]$ The sound will not play when you're not logged in due to permissions on the sound devices. And the AVCs seem to be unrelated. Verify that the user cron jobs are still working and if so then this bug can be closed as fixed. Matej you seem to have bitlbee attempting connects to lots of random ports. Is this expected behaviour? (In reply to comment #6) > Matej you seem to have bitlbee attempting connects to lots of random ports. Is > this expected behaviour? Yes, it is, I have patched version of bitlbee doing file transfer and the file transfer apparently makes connection totally randomly -- not sure how to make it behave more sanely, and it doesn't matter that much for me. I just added allow bitlbee_t port_t:tcp_socket name_connect; to my bitlbeeFT policy module and will deal with that later. So it is doing some kind of ftp transfer? (In reply to comment #8) > So it is doing some kind of ftp transfer? Roughly speaking yes, it actually is more http connection between two Jabber clients, but that probably doesn't make a difference for you. This is fixed for cronie in next update. If your problem persist please open new bug on appropriate component. |