Bug 126073 - crond fails to spawn mrtg, etc. when in enforcing mode
crond fails to spawn mrtg, etc. when in enforcing mode
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2004-06-15 15:29 EDT by Tom London
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-06-23 19:56:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
AVCs when running enforcing (1001 bytes, text/plain)
2004-06-15 15:29 EDT, Tom London
no flags Details
AVCs when running in permissive mode (5.92 KB, text/plain)
2004-06-15 15:30 EDT, Tom London
no flags Details

  None (edit)
Description Tom London 2004-06-15 15:29:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
crond no longer spawns off correctly specified elements (e.g., mrtg,
diskinfo, ...) when running in enforcing mode.

I'm attaching AVCs when running in enforcing mode (and crond fail to
spawn) and in permissive mode (when crond works).

Sample of AVCs in enforcing mode:
audit(1087326301.825:0): avc:  denied  { read } for  pid=3985
exe=/bin/bash name=mtab dev=hdb3 ino=986782
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:et
selinux-policy-strict-1.13.4-6c_runtime_t tclass=file
audit(1087326301.826:0): avc:  denied  { getattr } for  pid=3985
exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t
audit(1087326301.839:0): avc:  denied  { execute } for  pid=3985
exe=/bin/bash name=mrtg dev=hdb3 ino=595326
tcontext=system_u:object_r:mrtg_exec_t tclass=file

root gets email saying 'permission denied' for /usr/bin/mrtg

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. strict/enforcing
2. every 5 minutes, crond tries to run mrtg

Additional info:
Comment 1 Tom London 2004-06-15 15:29:45 EDT
Created attachment 101158 [details]
AVCs when running enforcing
Comment 2 Tom London 2004-06-15 15:30:19 EDT
Created attachment 101159 [details]
AVCs when running in permissive mode
Comment 3 Daniel Walsh 2004-06-23 17:55:38 EDT
Latest vixie-cron should fix this.

Note You need to log in before you can comment on or make changes to this bug.