Bug 146684 - policy does not allow sysstat or mrtg crons to run
policy does not allow sysstat or mrtg crons to run
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-31 13:56 EST by Orion Poplawski
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-01 12:44:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2005-01-31 13:56:23 EST
Description of problem:

Get failure emails from /usr/lib/sa/sa1 and /usr/bin/mrtg crons:

execl: couldn't exec `/bin/sh'
execl: Permission denied

audit(1107197402.053:0): avc:  denied  { transition } for  pid=4235
exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=user_u:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.5-1

How reproducible:
Every time

Steps to Reproduce:
1.  Install selinux targeted system
2.  Install sysstat
3.  Install and configure mrtg
  
Actual results:

Crons fail to run

Expected results:


Additional info:
Comment 1 Orion Poplawski 2005-01-31 14:02:02 EST
Also, cron.hourly (and others?) can't run.
Comment 2 Daniel Walsh 2005-01-31 15:36:55 EST
Did you do a service crond restart after updating policy?

Comment 3 Daniel Walsh 2005-01-31 15:43:19 EST
Oops never mind.  Please try out selinux-policy-targeted-1.21.5-4
Available now on ftp://people.redhat.com/dwalsh/SELinux/Fedora
Or via Rawhide tomorrow.

Comment 4 Orion Poplawski 2005-01-31 16:13:08 EST
Still getting it:

Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session opened for user root by (uid=0)
Jan 31 14:10:01 hawk kernel: audit(1107205801.774:0): avc:  denied  { transition
} for  pid=4206 exe=/usr/sbin/crond path=/bin/bash dev=dm-1 ino=47140
scontext=root:system_r:crond_t tcontext=system_u:system_r:unconfined_t
tclass=process
Jan 31 14:10:01 hawk crond(pam_unix)[4205]: session closed for user root

I restarted the crond ervice after applying the update.  Anything else to be done?
Comment 5 Daniel Walsh 2005-01-31 16:25:09 EST
That is weird.  I am running

rpm -q selinux-policy-targeted
selinux-policy-targeted-1.21.5-4

Jan 31 16:20:01 localhost crond(pam_unix)[18904]: session opened for user root
by (uid=0)
Jan 31 16:20:01 localhost crond(pam_unix)[18905]: session opened for user root
by (uid=0)
Jan 31 16:20:01 localhost crond(pam_unix)[18904]: session closed for user root
Jan 31 16:20:02 localhost crond(pam_unix)[18905]: session closed for user root

I am not seeing this at all anymore.  
Comment 6 Daniel Walsh 2005-01-31 16:48:49 EST
selinux-policy-targeted-1.21.5-5 has this fix.

Dan
Comment 7 Orion Poplawski 2005-02-01 12:44:22 EST
After a reinstall, this looks good.

Note You need to log in before you can comment on or make changes to this bug.