Bug 126073 - crond fails to spawn mrtg, etc. when in enforcing mode
Summary: crond fails to spawn mrtg, etc. when in enforcing mode
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict   
(Show other bugs)
Version: 2
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-06-15 19:29 UTC by Tom London
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-06-23 23:56:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
AVCs when running enforcing (1001 bytes, text/plain)
2004-06-15 19:29 UTC, Tom London 		no flags Details
AVCs when running in permissive mode (5.92 KB, text/plain)
2004-06-15 19:30 UTC, Tom London 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description Tom London 2004-06-15 19:29:06 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
crond no longer spawns off correctly specified elements (e.g., mrtg,
diskinfo, ...) when running in enforcing mode.

I'm attaching AVCs when running in enforcing mode (and crond fail to
spawn) and in permissive mode (when crond works).

Sample of AVCs in enforcing mode:
audit(1087326301.825:0): avc:  denied  { read } for  pid=3985
exe=/bin/bash name=mtab dev=hdb3 ino=986782
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:et
selinux-policy-strict-1.13.4-6c_runtime_t tclass=file
audit(1087326301.826:0): avc:  denied  { getattr } for  pid=3985
exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t
tclass=file
audit(1087326301.839:0): avc:  denied  { execute } for  pid=3985
exe=/bin/bash name=mrtg dev=hdb3 ino=595326
scontext=system_u:system_r:crond_t
tcontext=system_u:object_r:mrtg_exec_t tclass=file

root gets email saying 'permission denied' for /usr/bin/mrtg

Version-Release number of selected component (if applicable):
selinux-policy-strict-1.13.4-6

How reproducible:
Always

Steps to Reproduce:
1. strict/enforcing
2. every 5 minutes, crond tries to run mrtg
3.
    

Additional info:
Comment 1 Tom London 2004-06-15 19:29:45 UTC 
Created attachment 101158 [details]
AVCs when running enforcing
Comment 2 Tom London 2004-06-15 19:30:19 UTC 
Created attachment 101159 [details]
AVCs when running in permissive mode
Comment 3 Daniel Walsh 2004-06-23 21:55:38 UTC 
Latest vixie-cron should fix this.
Note You need to log in before you can comment on or make changes to this bug.