Bug 657104

Summary: cron does not run cron jobs reports Unauthorized SELinux context
Product: [Fedora] Fedora Reporter: John Griffiths <fedora.jrg01>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 14CC: dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-26 16:29:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Griffiths 2010-11-24 22:25:38 UTC 
Description of problem:
cron does not run cron jobs. It reports Unauthorized SELinux context in /var/log/cron on startup.

Version-Release number of selected component (if applicable):
cronie.i686                                 1.4.5-2.fc14                @fedora 
selinux-policy.noarch                       3.9.7-12.fc14               @updates
selinux-policy-targeted.noarch              3.9.7-12.fc14               @updates


I have two systems both installed with F14. Cron runs fine on one system but does not run the cronjobs on the other system.

I have reinstalled cronie, crontabs, selinux-policy, selinux-policy-targeted.

I have compared the context of the files that are complained about:

Nov 24 17:17:44 joe crond[12390]: (CRON) STARTUP (1.4.5)
Nov 24 17:17:44 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/crontab)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/smolt)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/0hourly)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/sa-update)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/clamav-update)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/sysstat)
Nov 24 17:17:46 joe crond[12390]: (jrg3) Unauthorized SELinux context (/var/spool/cron/jrg3)
Nov 24 17:17:46 joe crond[12390]: (root) Unauthorized SELinux context (/var/spool/cron/root)

and the context is the same between the systems.

-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/crontab
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/smolt
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/0hourly
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/sa-update
-rw-------. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/clamav-update
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/sysstat
-rw-------. jrg3 root unconfined_u:object_r:cron_spool_t:s0 /var/spool/cron/jrg3
-rw-------. root root unconfined_u:object_r:cron_spool_t:s0 /var/spool/cron/root

I have compared the output of semanage fcontext -l | grep cron and they are identical.

I am at a loss as to what to do next.
Comment 1 John Griffiths 2010-11-26 16:29:25 UTC 
I went through the other bugs on this subject for prior Fedora releases.

I did the following:

1)    rm -rf /etc/selinux/targeted
2)    yum -y reinstall selinux-policy\*
3)    restorecon -R -v /etc/selinux
4)    touch /.autorelabel
5)    rebooted

All is well with cron again. I do not know what was messed up in the policy or the contexts or how they got messed up.