Bug 120925 - at doesn't work in enforcing mode
at doesn't work in enforcing mode
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jens Petersen
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-15 07:58 EDT by Tim Waugh
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.11.2-7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-19 19:03:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Waugh 2004-04-15 07:58:22 EDT
Description of problem:
Running 'at 5pm', say, in enforcing mode gives this error:

[tim@cyberelk tim]$ id -Z
user_u:user_r:user_t
[tim@cyberelk tim]$ at 5pm
Cannot open lockfile /var/spool/at/.SEQ: Permission denied

[root@cyberelk root]# ls -Z /var/spool/at/.SEQ
-rw-------+ daemon   daemon   system_u:object_r:at_spool_t    
/var/spool/at/.SEQ

Version-Release number of selected component (if applicable):
at-3.1.8-50
policy-1.11.2-6

How reproducible:
100%
Comment 1 Daniel Walsh 2004-04-15 08:52:06 EDT
Fixed in policy-1.11.2-7
Comment 2 Tim Waugh 2004-04-15 11:19:53 EDT
Thanks, works for me.
Comment 3 Tim Waugh 2004-04-15 12:21:26 EDT
Spoke too soon.  I got audit messages when a job (just to 'mail -s
test ...') tried to execute.  These are (obviously!) from
non-enforcing mode:

Apr 15 17:20:00 cyberelk kernel: audit(1082046000.256:0): avc:  denied
 { read } for  pid=23064 exe=/usr/sbin/atd name=sh dev=hda2
ino=3850250 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:bin_t tclass=lnk_file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.256:0): avc:  denied
 { execute } for  pid=23064 exe=/usr/sbin/atd name=bash dev=hda2
ino=3850326 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:shell_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.256:0): avc:  denied
 { execute_no_trans } for  pid=23064 exe=/usr/sbin/atd path=/bin/bash
dev=hda2 ino=3850326 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:shell_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.256:0): avc:  denied
 { read } for  pid=23064 exe=/usr/sbin/atd path=/bin/bash dev=hda2
ino=3850326 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:shell_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.258:0): avc:  denied
 { read } for  pid=23064 exe=/bin/bash name=mtab dev=hda2 ino=3835834
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.259:0): avc:  denied
 { getattr } for  pid=23064 exe=/bin/bash path=/etc/mtab dev=hda2
ino=3835834 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.259:0): avc:  denied
 { getattr } for  pid=23064 exe=/bin/bash path=/proc/meminfo dev=
ino=4098 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:proc_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.261:0): avc:  denied
 { getattr } for  pid=23064 exe=/bin/bash path=/bin/bash dev=hda2
ino=3850326 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:shell_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.264:0): avc:  denied
 { search } for  pid=23064 exe=/bin/bash name=mail dev=hda2
ino=1015845 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mail_spool_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.266:0): avc:  denied
 { getattr } for  pid=23064 exe=/bin/bash path=/home dev=hda6 ino=2
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:home_root_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.266:0): avc:  denied
 { search } for  pid=23064 exe=/bin/bash dev=hda6 ino=2
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:home_root_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.266:0): avc:  denied
 { getattr } for  pid=23064 exe=/bin/bash path=/home/tim dev=hda6
ino=243361 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.266:0): avc:  denied
 { search } for  pid=23064 exe=/bin/bash name=tim dev=hda6 ino=243361
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.273:0): avc:  denied
 { read } for  pid=23065 exe=/bin/bash name=.bashrc dev=hda6
ino=245635 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:user_home_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.273:0): avc:  denied
 { getattr } for  pid=23065 exe=/bin/bash path=/home/tim/.bashrc
dev=hda6 ino=245635 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:user_home_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.275:0): avc:  denied
 { getattr } for  pid=23066 exe=/bin/bash path=/usr/bin/id dev=hda2
ino=1251966 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:bin_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.276:0): avc:  denied
 { execute } for  pid=23067 exe=/bin/bash name=id dev=hda2 ino=1251966
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:bin_t
tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.276:0): avc:  denied
 { execute_no_trans } for  pid=23067 exe=/bin/bash path=/usr/bin/id
dev=hda2 ino=1251966
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:bin_t
tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.276:0): avc:  denied
 { read } for  pid=23067 exe=/bin/bash path=/usr/bin/id dev=hda2
ino=1251966 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:bin_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.279:0): avc:  denied
 { getattr } for  pid=23067 exe=/usr/bin/id path=pipe:[107801] dev=
ino=107801 scontext=system_u:system_r:atd_t
tcontext=system_u:system_r:atd_t tclass=fifo_file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.280:0): avc:  denied
 { write
} for  pid=23067 exe=/usr/bin/id path=pipe:[107801] dev= ino=107801
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=fifo_file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.281:0): avc:  denied
 { read } for  pid=23065 exe=/bin/bash path=pipe:[107801] dev=
ino=107801 scontext=system_u:system_r:atd_t
tcontext=system_u:system_r:atd_t tclass=fifo_file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.373:0): avc:  denied
 { search } for  pid=23073 exe=/bin/mail name=sbin dev=hda2
ino=1245245 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:sbin_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.373:0): avc:  denied
 { read } for  pid=23073 exe=/bin/mail name=sendmail dev=hda2
ino=1252731 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:sbin_t tclass=lnk_file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.503:0): avc:  denied
 { execute } for  pid=23073 exe=/bin/mail name=sendmail.sendmail
dev=hda2 ino=1252719 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:sendmail_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.503:0): avc:  denied
 { execute_no_trans } for  pid=23073 exe=/bin/mail
path=/usr/sbin/sendmail.sendmail dev=hda2 ino=1252719
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:sendmail_exec_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.503:0): avc:  denied
 { read } for  pid=23073 exe=/bin/mail
path=/usr/sbin/sendmail.sendmail dev=hda2 ino=1252719
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:sendmail_exec_t
tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.790:0): avc:  denied
 { create } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=tcp_socket
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.793:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=resolv.conf dev=hda2 ino=3834860 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:net_conf_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.793:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/etc/resolv.conf dev=hda2 ino=3834860
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:net_conf_t
tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.795:0): avc:  denied
 { search } for  pid=23073 exe=/usr/sbin/sendmail.sendmail name=mail
dev=hda2 ino=3834696 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.852:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/etc/mail/submit.cf dev=hda2 ino=3834746
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:etc_mail_t
tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.852:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/etc/mail dev=hda2 ino=3834696 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:etc_mail_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.852:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=submit.cf dev=hda2 ino=3834746 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:etc_mail_t tclass=file
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.890:0): avc:  denied
 { search } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda2 ino=1015923
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 15 17:20:00 cyberelk kernel: audit(1082046000.890:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/var/spool/clientmqueue
dev=hda2 ino=1015923 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.034:0): avc:  denied
 { create } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.034:0): avc:  denied
 { connect } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.035:0): avc:  denied
 { write
} for  pid=23073 exe=/usr/sbin/sendmail.sendmail laddr=192.168.1.1
lport=34439 faddr=192.168.1.1 fport=53
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.035:0): avc:  denied
 { udp_send } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=192.168.1.1 src=34439
daddr=192.168.1.1 dest=53 netif=lo scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:netif_lo_t tclass=netif
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.035:0): avc:  denied
 { udp_send } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=192.168.1.1 src=34439
daddr=192.168.1.1 dest=53 netif=lo scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:node_t tclass=node
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.035:0): avc:  denied
 { send_msg } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=192.168.1.1 src=34439
daddr=192.168.1.1 dest=53 netif=lo scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:dns_port_t tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.209:0): avc:  denied
 { udp_recv } for  pid=1914 exe=/usr/sbin/named saddr=192.168.1.1
src=53 daddr=192.168.1.1 dest=34439 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:netif_lo_t
tclass=netif
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.209:0): avc:  denied
 { udp_recv } for  pid=1914 exe=/usr/sbin/named saddr=192.168.1.1
src=53 daddr=192.168.1.1 dest=34439 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:node_t
tclass=node
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.209:0): avc:  denied
 { recv_msg } for  pid=1914 exe=/usr/sbin/named saddr=192.168.1.1
src=53 daddr=192.168.1.1 dest=34439 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:dns_port_t
tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.210:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
laddr=192.168.1.1 lport=34439 faddr=192.168.1.1 fport=53
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=udp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.390:0): avc:  denied
 { write
} for  pid=23073 exe=/usr/sbin/sendmail.sendmail name=clientmqueue
dev=hda2 ino=1015923 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.390:0): avc:  denied
 { add_name } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=dfi3FGK07j023073 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.390:0): avc:  denied
 { create } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=dfi3FGK07j023073 scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.391:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/var/spool/clientmqueue/dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.392:0): avc:  denied
 { lock } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/var/spool/clientmqueue/dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.392:0): avc:  denied
 { write
} for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=/var/spool/clientmqueue/dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.397:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { connect } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { tcp_send } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=33954 daddr=127.0.0.1 dest=25 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:netif_lo_t
tclass=netif
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { tcp_send } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=33954 daddr=127.0.0.1 dest=25 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:node_lo_t
tclass=node
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { send_msg } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=33954 daddr=127.0.0.1 dest=25 netif=lo
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { tcp_recv } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=33954 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:netif_lo_t
tclass=netif
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { tcp_recv } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=33954 netif=lo
scontext=system_u:system_r:atd_t tcontext=system_u:object_r:node_lo_t
tclass=node
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.430:0): avc:  denied
 { recv_msg } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=33954 netif=lo
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.441:0): avc:  denied
 { getattr } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
laddr=127.0.0.1 lport=33954 faddr=127.0.0.1 fport=25
scontext=system_u:system_r:atd_t tcontext=system_u:system_r:atd_t
tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.442:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
path=socket:[107830] dev= ino=107830 scontext=system_u:system_r:atd_t
tcontext=system_u:system_r:atd_t tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.622:0): avc:  denied
 { write
} for  pid=23073 exe=/usr/sbin/sendmail.sendmail path=socket:[107830]
dev= ino=107830 scontext=system_u:system_r:atd_t
tcontext=system_u:system_r:atd_t tclass=tcp_socket
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.797:0): avc:  denied
 { remove_name } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.797:0): avc:  denied
 { unlink } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=dfi3FGK07j023073 dev=hda2 ino=1015911
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=file
Apr 15 17:20:01 cyberelk kernel: audit(1082046001.798:0): avc:  denied
 { read } for  pid=23073 exe=/usr/sbin/sendmail.sendmail
name=clientmqueue dev=hda2 ino=1015923
scontext=system_u:system_r:atd_t
tcontext=system_u:object_r:mqueue_spool_t tclass=dir
Comment 4 Colin Walters 2004-04-19 19:03:11 EDT
There is no longer an atd_t; it runs as crond_t since Dan's latest
changes. I did however fix one or two bugs in the policy relating to
this.  Could you try the latest policy?  Note you will need to relabel
/var/spool/at and /usr/sbin/atd and /usr/bin/at at least.
Comment 5 Tim Waugh 2004-04-20 04:52:58 EDT
With policy-1.11.2-9, I get no audit messages when running:

at "now + 2 minutes"
echo hello world
^D

When the job fires I get this (permissive mode):

audit(1082449920.313:0): avc:  denied  { write } for  pid=15079
exe=/usr/sbin/atd name=spool dev=hda2 ino=1015866
scontext=root:system_r:crond_t tcontext=system_u:object_r:var_spool_t
tclass=dir
audit(1082449920.313:0): avc:  denied  { add_name } for  pid=15079
exe=/usr/sbin/atd name=a0000801134800 scontext=root:system_r:crond_t
tcontext=system_u:object_r:var_spool_t tclass=dir
audit(1082449920.313:0): avc:  denied  { create } for  pid=15079
exe=/usr/sbin/atd name=a0000801134800 scontext=root:system_r:crond_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.313:0): avc:  denied  { write } for  pid=15079
exe=/usr/sbin/atd path=/var/spool/at/spool/a0000801134800 dev=hda2
ino=1017281 scontext=root:system_r:crond_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.318:0): avc:  denied  { write } for  pid=15080
exe=/bin/bash path=/var/spool/at/spool/a0000801134800 dev=hda2
ino=1017281 scontext=user_u:user_r:user_crond_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.354:0): avc:  denied  { getattr } for  pid=15081
exe=/bin/bash path=/var/spool/at/spool/a0000801134800 dev=hda2
ino=1017281 scontext=user_u:user_r:user_crond_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.357:0): avc:  denied  { remove_name } for  pid=15079
exe=/usr/sbin/atd name=a0000801134800 dev=hda2 ino=1017281
scontext=root:system_r:crond_t tcontext=system_u:object_r:var_spool_t
tclass=dir
audit(1082449920.357:0): avc:  denied  { unlink } for  pid=15079
exe=/usr/sbin/atd name=a0000801134800 dev=hda2 ino=1017281
scontext=root:system_r:crond_t tcontext=root:object_r:var_spool_t
tclass=file
audit(1082449920.360:0): avc:  denied  { read } for  pid=15079
exe=/usr/sbin/sendmail.sendmail
path=/var/spool/at/spool/a0000801134800 (deleted) dev=hda2 ino=1017281
scontext=root:system_r:system_mail_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.374:0): avc:  denied  { getattr } for  pid=15079
exe=/usr/sbin/sendmail.sendmail
path=/var/spool/at/spool/a0000801134800 (deleted) dev=hda2 ino=1017281
scontext=root:system_r:system_mail_t
tcontext=root:object_r:var_spool_t tclass=file
audit(1082449920.385:0): avc:  denied  { ioctl } for  pid=15079
exe=/usr/sbin/sendmail.sendmail
path=/var/spool/at/spool/a0000801134800 (deleted) dev=hda2 ino=1017281
scontext=root:system_r:system_mail_t
tcontext=root:object_r:var_spool_t tclass=file
Comment 6 Tim Waugh 2004-04-20 06:07:04 EDT
..but with policy-1.11.2-12 everything works fine.  Seems fixed now.

Note You need to log in before you can comment on or make changes to this bug.