Bug 1105759 - SELinux is preventing /usr/bin/crontab access for backintime (read and write)
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 20
Hardware: x86_64
OS: Linux
Priority: low
Severity: unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-06-07 07:34 UTC by Raphael Groner
Modified: 2015-01-03 19:12 UTC
Last Closed: 2015-01-03 19:12:26 UTC
Type: Bug

Attachments
description write (2.20 KB, text/plain)
2014-06-07 07:34 UTC, Raphael Groner
description read (2.28 KB, text/plain)
2014-06-07 07:40 UTC, Raphael Groner

Description Raphael Groner 2014-06-07 07:34:25 UTC
Created attachment 903063
description write

Description of problem:
Backintime runs as root and I changed some settings in the configuration dialog.
SELinux is preventing /usr/bin/crontab from 'write' accesses on the directory .

Version-Release number of selected component (if applicable):
backintime-gnome-1.0.34-1.fc20.noarch
selinux-policy-3.13.1-55.fc20.noarch
cronie-1.4.11-4.fc20.x86_64

How reproducible:
yes

Steps to Reproduce:
1. start Backintime as root
2. open the settings dialog
3. 

Actual results:
SELinux reports an alert

Expected results:
no alert

Additional info:

Comment 1 Raphael Groner 2014-06-07 07:39:16 UTC
Comment on attachment 903063
description write

write access forbidden

Comment 2 Raphael Groner 2014-06-07 07:40:46 UTC
Created attachment 903064
description read

read access forbidden

Comment 3 Raphael Groner 2014-06-07 08:30:38 UTC
Not sure what to blame … backintime, cronie or even selinux?

Comment 4 Marcela Mašláňová 2014-06-09 08:28:26 UTC
I guess you should blame your setting or backintime. Cronie is using a special setting for SELinux and you shouldn't policies for it.

Comment 5 Daniel Walsh 2014-06-09 11:16:54 UTC
What directory is crontab trying to write?

Does

restorecon -R -v /var/spool

change any labels?

Comment 6 Raphael Groner 2014-09-07 18:44:40 UTC
It is not a persistent solution to use restorecon because /var/spool is mounted as tmpfs.

$ mount |grep spool
tmpfs on /var/spool type tmpfs (rw,relatime,rootcontext=system_u:object_r:var_spool_t:s0,seclabel,size=367520k,gid=7)

Comment 7 Daniel Walsh 2015-01-03 16:10:43 UTC
Did you use a context mount option?
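
Added example, not part of the bug thread: a small shell helper that answers the question in Comment 7 from `mount` output by listing every mount that carries an SELinux context option and whether the filesystem is memory-backed, which is why a `restorecon` relabel does not survive a remount in Comment 6. The function name `list_context_mounts` and the sample lines other than the `/var/spool` one are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample in `mount` output format. The /var/spool line is the one
# quoted in Comment 6; the other two lines are made up for contrast.
SAMPLE_MOUNTS='/dev/sda2 on / type ext4 (rw,relatime,seclabel,data=ordered)
tmpfs on /var/spool type tmpfs (rw,relatime,rootcontext=system_u:object_r:var_spool_t:s0,seclabel,size=367520k,gid=7)
tmpfs on /mnt/scratch type tmpfs (rw,relatime,context=system_u:object_r:tmp_t:s0)'

# list_context_mounts (hypothetical helper): reads `mount` output on stdin and
# prints one line per SELinux context mount option found:
#   <mountpoint> <fstype> <option>=<context> volatile=<yes|no>
# rootcontext= labels only the root inode of the mount, so directories created
# below it (for example a cron spool directory) are labelled by policy
# transitions or by restorecon, not by the mount option.
# Assumptions: mount points contain no spaces and contexts contain no commas
# (no MLS category lists).
list_context_mounts() {
    awk '
    $2 == "on" && $4 == "type" {
        mp = $3; fs = $5; opts = $6
        gsub(/[()]/, "", opts)            # strip the surrounding parentheses
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^(context|fscontext|defcontext|rootcontext)=/) {
                # tmpfs and ramfs live in memory: labels applied later with
                # restorecon are lost when the filesystem is mounted again
                volatile = (fs == "tmpfs" || fs == "ramfs") ? "yes" : "no"
                print mp, fs, o[i], "volatile=" volatile
            }
        }
    }'
}

# Demo on the sample; on a live system run: mount | list_context_mounts
printf '%s\n' "$SAMPLE_MOUNTS" | list_context_mounts
```

A line with `volatile=yes` and `rootcontext=` matches the situation in this report: the relabel has to be repeated after every mount, or the directory has to be created with the right label by whatever populates the tmpfs.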

