Installed FC3 cleanly and then did a yum update to development. Now, I get this in my e-mail: From: root@machine (Cron Daemon) To: root@machine Subject: Cron <root@codewarrior> run-parts /etc/cron.hourly X-Cron-Env: <SHELL=/bin/bash> X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin> X-Cron-Env: <MAILTO=root> X-Cron-Env: <HOME=/> X-Cron-Env: <LOGNAME=root> X-Cron-Env: <USER=root> execl: couldn't exec `/bin/bash' execl: Permission denied And see this in /var/log/messages: Apr 17 15:01:01 machine kernel: audit(1113764461.774:0): avc: denied { transition } for pid=3559 exe=/usr/sbin/crond path=/bin/bash dev=dm-0 ino=1769565 scontext=user_u:system_r:initrc_t tcontext=system_u:system_r:unconfined_t tclass=process
Actually, seeing this in cron.hourly, cron.daily and cron.weekly
This looks like a labeling problem. cron should be running under crond_t. What is /usr/sbin/crond context? ls -lZ /usr/sbin/crond -rwxr-xr-x root root system_u:object_r:crond_exec_t /usr/sbin/crond If it is not this, restorecon -v /usr/sbin/crond should fix it. If you want to relabel the system touch /.autorelabel reboot
This seems to have been the issue. Doing the restorecon fixed things. I did a relabel just in case other things were broken and all seems well now. Someone probably needs to look in to why this permission got changed for me. Or maybe any selinux upgrade should automatically add a /.autorelabel?
Did you ever turn off SELinux?
Nope. Process was: Installed FC3 Yum Update to Development Problem started
Well the rpm is supposed to figure out what requires a relabel and relabel on the fly. Something must have gone wrong during the upgrade. Did you see lots of restorecon messages during the upgrade?