From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
crond no longer spawns off correctly specified elements (e.g., mrtg, diskinfo, ...) when running in enforcing mode. I'm attaching AVCs when running in enforcing mode (and crond fails to spawn) and in permissive mode (when crond works).

Sample of AVCs in enforcing mode:

audit(1087326301.825:0): avc: denied { read } for pid=3985 exe=/bin/bash name=mtab dev=hdb3 ino=986782 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1087326301.826:0): avc: denied { getattr } for pid=3985 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
audit(1087326301.839:0): avc: denied { execute } for pid=3985 exe=/bin/bash name=mrtg dev=hdb3 ino=595326 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:mrtg_exec_t tclass=file

root gets email saying 'permission denied' for /usr/bin/mrtg

Version-Release number of selected component (if applicable):
selinux-policy-strict-1.13.4-6

How reproducible:
Always

Steps to Reproduce:
1. strict/enforcing
2. every 5 minutes, crond tries to run mrtg
3.

Additional info:
Created attachment 101158: AVCs when running enforcing
Created attachment 101159: AVCs when running in permissive mode
Latest vixie-cron should fix this.
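For triaging AVC logs like the ones attached to this report, the following added example (not part of the original bug report or of any SELinux tool) parses denial records and groups them by source type, target type and object class. The function names are hypothetical, and the sample input is the three denials quoted in the report, with the first record's target type assumed to be etc_runtime_t.

```python
import re
from collections import defaultdict

# The three denials quoted in the report. The first record's tcontext is
# garbled on the page; etc_runtime_t is an assumption made for this sample.
SAMPLE = """\
audit(1087326301.825:0): avc: denied { read } for pid=3985 exe=/bin/bash name=mtab dev=hdb3 ino=986782 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1087326301.826:0): avc: denied { getattr } for pid=3985 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t tclass=file
audit(1087326301.839:0): avc: denied { execute } for pid=3985 exe=/bin/bash name=mrtg dev=hdb3 ino=595326 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:mrtg_exec_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs follow "for"; tokens without "=" are ignored.
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or damaged record
    fields["perms"] = m.group(1).split()
    return fields

def ctx_type(context):
    """Type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Group denials by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]), rec["tclass"])
        summary[key]["perms"].update(rec["perms"])
        summary[key]["objects"].add(rec.get("path") or rec.get("name", "?"))
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), info in sorted(summarize(SAMPLE).items()):
        perms = " ".join(sorted(info["perms"]))
        print(f"{src} -> {tgt}:{cls} {{ {perms} }} on {sorted(info['objects'])}")
```

Every group in the output has crond_t as the source type, which shows the job's shell was still running in the cron daemon's domain when it touched /proc/meminfo and tried to execute mrtg.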