Bug 126073 - crond fails to spawn mrtg, etc. when in enforcing mode
Summary: crond fails to spawn mrtg, etc. when in enforcing mode
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict   
(Show other bugs)
Version: 2
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-06-15 19:29 UTC by Tom London
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-06-23 23:56:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
AVCs when running enforcing (1001 bytes, text/plain)
2004-06-15 19:29 UTC, Tom London
no flags Details
AVCs when running in permissive mode (5.92 KB, text/plain)
2004-06-15 19:30 UTC, Tom London
no flags Details

Description Tom London 2004-06-15 19:29:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
crond no longer spawns off correctly specified elements (e.g., mrtg,
diskinfo, ...) when running in enforcing mode.

I'm attaching AVCs when running in enforcing mode (and crond fail to
spawn) and in permissive mode (when crond works).

Sample of AVCs in enforcing mode:
audit(1087326301.825:0): avc:  denied  { read } for  pid=3985
exe=/bin/bash name=mtab dev=hdb3 ino=986782
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:et
selinux-policy-strict-1.13.4-6c_runtime_t tclass=file
audit(1087326301.826:0): avc:  denied  { getattr } for  pid=3985
exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t
audit(1087326301.839:0): avc:  denied  { execute } for  pid=3985
exe=/bin/bash name=mrtg dev=hdb3 ino=595326
tcontext=system_u:object_r:mrtg_exec_t tclass=file

root gets email saying 'permission denied' for /usr/bin/mrtg

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. strict/enforcing
2. every 5 minutes, crond tries to run mrtg

Additional info:

Comment 1 Tom London 2004-06-15 19:29:45 UTC
Created attachment 101158 [details]
AVCs when running enforcing

Comment 2 Tom London 2004-06-15 19:30:19 UTC
Created attachment 101159 [details]
AVCs when running in permissive mode

Comment 3 Daniel Walsh 2004-06-23 21:55:38 UTC
Latest vixie-cron should fix this.

Note You need to log in before you can comment on or make changes to this bug.