With audit-1.5.5-5.fc8, vixie-cron-4.1-84.fc8, and pam-0.99.8.1-2.fc8, crond is reporting "PAM audit_log_acct_message() failed: Operation not permitted" regularly in the logs. Since pam is the package I updated today, I'm suspecting that pam is the package causing the problem, so that's where I'm logging this under.
Is this with latest selinux-policy? And if in SELinux enforcing mode - are there related AVC messages in /var/log/audit/audit.log? Also please try to switch to permissive mode temporarily whether that helps.
Latest everything, including selinux-policy, from devel. I have selinux completely disabled at runtime -- SELINUX is set to "disabled" in /etc/selinux/config.
Could you please try to strace the crond process (attach to its pid) with -f in the time it is issuing these messages?
Created attachment 160387 [details] output of strace -f on crond PID while log message is being generated I don't see anything useful in the strace output, but here it is.
Cron calls pam_session_close in the same process which already called setuid(user) so the failure is real. Cron should call setuid(user) only in the child which execs the user's job. PAM should be changed too so it doesn't report this error to syslog because on the auth and account stacks it might be legitimate to call pam as non-root. Or it should use just a DEBUG log level.
I believe it's already using DEBUG log level for this message, but I monitor DEBUG messages to catch issues like this. If it's not an error, it shouldn't be logged as an error. If there is a cron issue, then are you going to file a cron ticket about it, or should I?
Oh, wait, I see you changed the component to vixie-cron. But you said in your comment above "PAM should be changed too," so shouldn't there also be a PAM ticket about this?
The problem is the pam syslog message is sometimes error and sometimes not depending on various things like which service generated it and in what pam function call. There is no need to file a separate ticket against pam as I am already fixing it there.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This will be fixed in next release of cronie.