Bug 126073 – crond fails to spawn mrtg, etc. when in enforcing mode

Bug 126073 - crond fails to spawn mrtg, etc. when in enforcing mode

Summary:	crond fails to spawn mrtg, etc. when in enforcing mode

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-strict (Show other bugs)
Sub Component:
Version:	2
Hardware:	i686 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-06-15 15:29 EDT by Tom London
Modified:	2007-11-30 17:10 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-06-23 19:56:54 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
AVCs when running enforcing (1001 bytes, text/plain) 2004-06-15 15:29 EDT, Tom London	no flags	Details
AVCs when running in permissive mode (5.92 KB, text/plain) 2004-06-15 15:30 EDT, Tom London	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Tom London 2004-06-15 15:29:06 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
crond no longer spawns off correctly specified elements (e.g., mrtg,
diskinfo, ...) when running in enforcing mode.

I'm attaching AVCs when running in enforcing mode (and crond fail to
spawn) and in permissive mode (when crond works).

Sample of AVCs in enforcing mode:
audit(1087326301.825:0): avc:  denied  { read } for  pid=3985
exe=/bin/bash name=mtab dev=hdb3 ino=986782
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:et
selinux-policy-strict-1.13.4-6c_runtime_t tclass=file
audit(1087326301.826:0): avc:  denied  { getattr } for  pid=3985
exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:proc_t
tclass=file
audit(1087326301.839:0): avc:  denied  { execute } for  pid=3985
exe=/bin/bash name=mrtg dev=hdb3 ino=595326
scontext=system_u:system_r:crond_t
tcontext=system_u:object_r:mrtg_exec_t tclass=file

root gets email saying 'permission denied' for /usr/bin/mrtg

Version-Release number of selected component (if applicable):
selinux-policy-strict-1.13.4-6

How reproducible:
Always

Steps to Reproduce:
1. strict/enforcing
2. every 5 minutes, crond tries to run mrtg
3.
    

Additional info:

Comment 1 Tom London 2004-06-15 15:29:45 EDT

Created attachment 101158 [details]
AVCs when running enforcing

Comment 2 Tom London 2004-06-15 15:30:19 EDT

Created attachment 101159 [details]
AVCs when running in permissive mode

Comment 3 Daniel Walsh 2004-06-23 17:55:38 EDT

Latest vixie-cron should fix this.

Note You need to log in before you can comment on or make changes to this bug.