Bug 146684 - policy does not allow sysstat or mrtg crons to run
Summary: policy does not allow sysstat or mrtg crons to run
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-01-31 18:56 UTC by Orion Poplawski
Modified: 2007-11-30 22:10 UTC (History)
Last Closed: 2005-02-01 17:44:22 UTC


Description Orion Poplawski 2005-01-31 18:56:23 UTC
Description of problem:

Get failure emails from /usr/lib/sa/sa1 and /usr/bin/mrtg crons:

execl: couldn't exec `/bin/sh'
execl: Permission denied

audit(1107197402.053:0): avc:  denied  { transition } for  pid=4235
exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=user_u:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.5-1

How reproducible:
Every time

Steps to Reproduce:
1.  Install selinux targeted system
2.  Install sysstat
3.  Install and configure mrtg
  
Actual results:

Crons fail to run

Expected results:


Additional info:

Comment 1 Orion Poplawski 2005-01-31 19:02:02 UTC
Also, cron.hourly (and others?) can't run.

Comment 2 Daniel Walsh 2005-01-31 20:36:55 UTC
Did you do a service crond restart after updating policy?



Comment 3 Daniel Walsh 2005-01-31 20:43:19 UTC
Oops never mind.  Please try out selinux-policy-targeted-1.21.5-4
Available now on ftp://people.redhat.com/dwalsh/SELinux/Fedora
Or via Rawhide tomorrow.



Comment 4 Orion Poplawski 2005-01-31 21:13:08 UTC
Still getting it:

Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session opened for user root by (uid=0)
Jan 31 14:10:01 hawk kernel: audit(1107205801.774:0): avc:  denied  { transition
} for  pid=4206 exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=root:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process
Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session closed for user root

I restarted the crond service after applying the update.  Anything else to be done?

Comment 5 Daniel Walsh 2005-01-31 21:25:09 UTC
That is weird.  I am running

rpm -q selinux-policy-targeted
selinux-policy-targeted-1.21.5-4

Jan 31 16:20:01 localhost crond(pam_unix)[18904]: session opened for user root
by (uid=0)
Jan 31 16:20:01 localhost crond(pam_unix)[18905]: session opened for user root
by (uid=0)
Jan 31 16:20:01 localhost crond(pam_unix)[18904]: session closed for user root
Jan 31 16:20:02 localhost crond(pam_unix)[18905]: session closed for user root

I am not seeing this at all anymore.  


Comment 6 Daniel Walsh 2005-01-31 21:48:49 UTC
selinux-policy-targeted-1.21.5-5 has this fix.

Dan

Comment 7 Orion Poplawski 2005-02-01 17:44:22 UTC
After a reinstall, this looks good.
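
An added example, not part of the bug report or of the selinux-policy project: a small Python parser for the AVC denial records quoted in the description and in Comment 4. It rejoins records that were wrapped across lines and tallies denials by source type, target type, class and permission. The function names are illustrative, and the parser assumes tclass= is the last field of a record, as it is in the messages on this page.

```python
import re
from collections import Counter

# Log text copied from the description and Comment 4 of this bug,
# keeping the mid-record line wraps as they appear on the page.
SAMPLE_LOG = """\
audit(1107197402.053:0): avc:  denied  { transition } for  pid=4235
exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=user_u:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process
Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session opened for user root by (uid=0)
Jan 31 14:10:01 hawk kernel: audit(1107205801.774:0): avc:  denied  { transition
} for  pid=4206 exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=root:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process
Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session closed for user root
"""

# Assumption: tclass= closes the record, so unrelated syslog text that
# follows (for example "(uid=0)") is never read as an AVC field.
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc: denied "
    r"\{(?P<perms>[^}]*)\} for (?P<fields>.*?tclass=\S+)"
)

def parse_avc_denials(text):
    """Return one dict per AVC denial, tolerating wrapped records."""
    flat = " ".join(text.split())  # undo line wraps and doubled spaces
    denials = []
    for m in AVC_RE.finditer(flat):
        rec = dict(re.findall(r"(\w+)=(\S+)", m["fields"]))
        rec["timestamp"] = float(m["ts"])
        rec["perms"] = m["perms"].split()
        for key in ("scontext", "tcontext"):
            parts = rec.get(key, "").split(":")  # user:role:type[:level]
            rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
        denials.append(rec)
    return denials

def summarize(denials):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for d in denials:
        for perm in d["perms"]:
            counts[(d["scontext_type"], d["tcontext_type"], d.get("tclass"), perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse_avc_denials(SAMPLE_LOG)).items():
        print(n, *key)
```

Both records on this page reduce to the same tuple, crond_t to unconfined_t with class process and permission transition, which is the rule the reporter's installed policy did not allow.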

