Bug 354971 - SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (unconfined_t).
Summary: SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (un...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
Blocks: F8Blocker
TreeView+ depends on / blocked
Reported: 2007-10-27 00:14 UTC by Dave Jones
Modified: 2015-01-04 22:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-29 21:20:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Dave Jones 2007-10-27 00:14:14 UTC
logged into a freshly installed rawhide, and saw an avc waiting for me.

Additional InformationSource
Context:  system_u:system_r:crond_t:s0-s0:c0.c1023Target
Context:  unconfined_u:system_r:unconfined_t:s0Target Objects:  /bin/bash [
process ]Affected RPM Packages:  vixie-cron-4.2-3.fc8
[application]bash-3.2-18.fc8 [target]Policy
RPM:  selinux-policy-3.0.8-28.fc8Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.catchallHost
Name:  gridlockPlatform:  Linux gridlock #1 SMP Thu Oct 18
17:19:23 EDT 2007 x86_64 x86_64Alert Count:  1First Seen:  Fri 26 Oct 2007
08:01:01 PM EDTLast Seen:  Fri 26 Oct 2007 08:01:01 PM EDTLocal
ID:  a229a7c1-034a-47e4-8e5f-53b711ee1be1Line Numbers:  Raw Audit Messages :avc:
denied { transition } for comm=crond dev=dm-0 egid=0 euid=0 exe=/usr/sbin/crond
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/bin/bash pid=3786
scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=unconfined_u:system_r:unconfined_t:s0 tty=(none) uid=0

Comment 1 Daniel Walsh 2007-10-27 10:33:49 UTC
Fixed in selinux-policy-3.0.8-36.fc8

Comment 2 Jeremy Katz 2007-10-29 21:20:13 UTC
Not seeing this anymore with -40

Note You need to log in before you can comment on or make changes to this bug.