354971 – SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (unconfined_t).

Bug 354971 - SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (unconfined_t).

Summary: SELinux is preventing /usr/sbin/crond (crond_t) "transition" to /bin/bash (un...

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F8Blocker
TreeView+	depends on / blocked

Reported:	2007-10-27 00:14 UTC by Dave Jones
Modified:	2015-01-04 22:29 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-10-29 21:20:13 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dave Jones 2007-10-27 00:14:14 UTC

logged into a freshly installed rawhide, and saw an avc waiting for me.

Additional InformationSource
Context:  system_u:system_r:crond_t:s0-s0:c0.c1023Target
Context:  unconfined_u:system_r:unconfined_t:s0Target Objects:  /bin/bash [
process ]Affected RPM Packages:  vixie-cron-4.2-3.fc8
[application]bash-3.2-18.fc8 [target]Policy
RPM:  selinux-policy-3.0.8-28.fc8Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.catchallHost
Name:  gridlockPlatform:  Linux gridlock 2.6.23.1-26.fc8 #1 SMP Thu Oct 18
17:19:23 EDT 2007 x86_64 x86_64Alert Count:  1First Seen:  Fri 26 Oct 2007
08:01:01 PM EDTLast Seen:  Fri 26 Oct 2007 08:01:01 PM EDTLocal
ID:  a229a7c1-034a-47e4-8e5f-53b711ee1be1Line Numbers:  Raw Audit Messages :avc:
denied { transition } for comm=crond dev=dm-0 egid=0 euid=0 exe=/usr/sbin/crond
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/bin/bash pid=3786
scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=unconfined_u:system_r:unconfined_t:s0 tty=(none) uid=0

Comment 1 Daniel Walsh 2007-10-27 10:33:49 UTC

Fixed in selinux-policy-3.0.8-36.fc8

Comment 2 Jeremy Katz 2007-10-29 21:20:13 UTC

Not seeing this anymore with -40

Note You need to log in before you can comment on or make changes to this bug.