| Summary: | SELinux is preventing /usr/sbin/crond from 'entrypoint' accesses on the file /sbin/mkhomedir_helper. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 15 | CC: | dominick.grift, dwalsh, mcepl, mcepl, mgrepl, tmraz |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | setroubleshoot_trace_hash:2e05e1d289d04719fb96a141d10d7a9a49d12b007bcc848a18b223f6c06cad9f | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-11-24 09:24:59 UTC | Type: | --- |

Anything in /var/log/secure?

I suppose this is expectable if pam_mkhomedir is configured with authconfig. Although authconfig now prefers pam_oddjob_mkhomedir if it is installed on the system (oddjob-mkhomedir package).

Matej,
does it still happen?

(In reply to comment #4)
> Matej,
> does it still happen?

Oh boy. F15 ... that's soooooooo long time ago. I believe this one is gone. If not, then I'll open a new bug.

OK, thx.

```
SELinux is preventing /usr/sbin/crond from 'entrypoint' accesses on the file /sbin/mkhomedir_helper.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that crond should be allowed entrypoint access on the mkhomedir_helper file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep crond /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:system_cronjob_t:s0-s0:c0.c1023
Target Context                system_u:object_r:bin_t:s0
Target Objects                /sbin/mkhomedir_helper [ file ]
Source                        crond
Source Path                   /usr/sbin/crond
Port                          <Neznámé>
Host                          (removed)
Source RPM Packages           cronie-1.4.7-3.fc15
Target RPM Packages           pam-1.1.3-8.fc15
Policy RPM                    selinux-policy-3.9.16-26.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64
Alert Count                   175
First Seen                    St 25. květen 2011, 00:01:01 CEST
Last Seen                     Po 6. červen 2011, 22:01:01 CEST
Local ID                      6a4355f0-508d-47c0-a206-9c2d100ea4a6

Raw Audit Messages
type=AVC msg=audit(1307390461.559:3558): avc: denied { entrypoint } for pid=21581 comm="crond" path="/sbin/mkhomedir_helper" dev=dm-1 ino=6124 scontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file

type=SYSCALL msg=audit(1307390461.559:3558): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fd71a8240d6 a1=7fff585a7a00 a2=7fd71aa24520 a3=7fd723212a90 items=0 ppid=21579 pid=21581 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=468 comm=crond exe=/usr/sbin/crond subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)

Hash: crond,system_cronjob_t,bin_t,file,entrypoint

audit2allow

#============= system_cronjob_t ==============
allow system_cronjob_t bin_t:file entrypoint;

audit2allow -R

#============= system_cronjob_t ==============
allow system_cronjob_t bin_t:file entrypoint;
```
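
The two raw audit records in the report above describe a single execve(): the SYSCALL record carries the context of the calling process, and the AVC record carries the domain that the exec would have entered. The following Python is an added example, not part of the bug report or of setroubleshoot; the function names are made up here, and the SYSCALL record is abridged to the fields the code uses.

```python
import re

# Raw audit records copied from the report above (one event, two records).
AVC = ('type=AVC msg=audit(1307390461.559:3558): avc: denied { entrypoint } '
       'for pid=21581 comm="crond" path="/sbin/mkhomedir_helper" dev=dm-1 '
       'ino=6124 scontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:bin_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1307390461.559:3558): arch=x86_64 '
           'syscall=execve success=no exit=EACCES ppid=21579 pid=21581 '
           'auid=0 uid=0 comm=crond exe=/usr/sbin/crond '
           'subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)')

def parse_record(line):
    """Split one audit record into key=value fields plus event serial and perms."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    serial = re.search(r'audit\(\d+\.\d+:(\d+)\)', line)
    fields["event"] = serial.group(1) if serial else None
    avc = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}', line)
    if avc:
        fields["result"], fields["perms"] = avc.group(1), avc.group(2).split()
    return fields

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def explain_entrypoint(avc_line, syscall_line):
    """Relate an entrypoint denial to the execve() that triggered it."""
    avc, call = parse_record(avc_line), parse_record(syscall_line)
    if avc["event"] is None or avc["event"] != call["event"]:
        raise ValueError("records are not from the same audit event")
    if "entrypoint" not in avc.get("perms", []):
        raise ValueError("AVC record is not an entrypoint check")
    caller = selinux_type(call["subj"])      # domain of the process calling execve
    entered = selinux_type(avc["scontext"])  # domain the exec would have entered
    return {"caller_domain": caller, "entered_domain": entered,
            "file_type": selinux_type(avc["tcontext"]), "path": avc["path"],
            "syscall": call["syscall"], "is_transition": caller != entered}

if __name__ == "__main__":
    r = explain_entrypoint(AVC, SYSCALL)
    print(f'{r["caller_domain"]} -> {r["entered_domain"]} via {r["path"]} '
          f'({r["file_type"]}): {r["syscall"]} refused')
```

For this event it reports crond_t entering system_cronjob_t through a bin_t file, which shows that the rule audit2allow proposes covers every file labelled bin_t rather than this helper alone.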