Bug 378701 - After upgrading to F8, root crontabs stopped working
After upgrading to F8, root crontabs stopped working
Status: CLOSED DUPLICATE of bug 393261
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
8
All Linux
low Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-12 15:43 EST by Dan O'Brien
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-21 09:19:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dan O'Brien 2007-11-12 15:43:47 EST
Description of problem:

After upgrading to F8 from F7, my root crontab entries stopped working. I noted
in the cron log:

cron:Nov 11 09:37:16 yorky crond[1921]: (root) Unauthorized SELinux context
(cron/root)
cron:Nov 11 10:09:36 yorky crond[1923]: (root) Unauthorized SELinux context
(cron/root)
cron:Nov 12 06:14:01 yorky crond[1923]: (root) Unauthorized SELinux context
(cron/root)
cron:Nov 12 06:16:01 yorky crond[1923]: (root) Unauthorized SELinux context
(cron/root)
cron:Nov 12 15:33:01 yorky crond[1923]: (root) Unauthorized SELinux context
(cron/root)

/var/spool/cron shows:

ls -lZ 
-rw-------  dmobrien root user_u:object_r:cron_spool_t     dmobrien
-rw-------  root     root system_u:object_r:unconfined_cron_spool_t root

And nothing runs.

Version-Release number of selected component (if applicable):

selinux-policy-3.0.8-47.fc8

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Ben Webb 2007-11-18 14:52:17 EST
I see something very similar on Fedora 8 systems, although this is with selinux-policy-targeted-3.0.8-
53.fc8. On one system I get exactly the same error:
Nov 18 11:42:01 cowbell crond[1890]: (root) Unauthorized SELinux context (cron/root)
I can work around this, however, by putting my root crontab in /etc/cron.d/ instead. Notably, non-root 
crontabs work just fine.

On another system, root crontabs work OK, but crond complains about /etc/crontab and /etc/cron.d/ 
instead:
Nov 18 11:32:57 organ crond[2437]: (system_u) Unauthorized SELinux context (/etc/crontab)
Nov 18 11:32:57 organ crond[2437]: (system_u) Unauthorized SELinux context (/etc/cron.d/backup)

On other systems, both /etc/cron.d/ and root crontabs work fine. All of these systems are F8 upgraded 
from F7, starting from very similar installs, on x86_64, so I'm at a loss to explain why they behave so 
differently.

File contexts seem to be OK, and 'restorecon -v' on these files reports no changes. Nor does removing 
and reinstalling the vixie-cron and crontabs RPMs change the symptoms.

File contexts on the system with broken root crontab:
[root@cowbell ~]# ls -lZ /etc/crontab /etc/cron.d/subversion-local /var/spool/cron/root 
/var/spool/cron/ben 
-rw-r--r--  root root system_u:object_r:system_cron_spool_t /etc/cron.d/subversion-local
-rw-r--r--  root root system_u:object_r:system_cron_spool_t /etc/crontab
-rw-------  ben  root system_u:object_r:unconfined_cron_spool_t /var/spool/cron/ben
-rw-------  root root root:object_r:unconfined_cron_spool_t /var/spool/cron/root

and on the system with broken /etc/crontab and /etc/cron.d/:
[root@organ ~]# ls -lZ /etc/crontab /etc/cron.d/backup /var/spool/cron/root 
-rw-r--r--  root root root:object_r:system_cron_spool_t /etc/cron.d/backup
-rw-r--r--  root root system_u:object_r:system_cron_spool_t /etc/crontab
-rw-------  root root root:object_r:unconfined_cron_spool_t /var/spool/cron/root
Comment 2 Daniel Walsh 2007-11-19 10:46:32 EST
Fixed in selinux-policy-3.0.8-56.fc8
Comment 3 Ben Webb 2007-11-19 18:19:44 EST
It doesn't fix my problem:

[root@organ ~]# service crond restart
Stopping crond:                                            [  OK  ]
Starting crond:                                            [  OK  ]
[root@organ ~]# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.0.8-56.fc8
[root@organ ~]# tail -3 /var/log/cron
Nov 19 15:16:23 organ crond[3326]: (CRON) STARTUP (4.2)
Nov 19 15:16:23 organ crond[3326]: (system_u) Unauthorized SELinux context
(/etc/crontab)
Nov 19 15:16:23 organ crond[3326]: (system_u) Unauthorized SELinux context
(/etc/cron.d/backup)
[root@organ ~]# ls -lZ /etc/crontab 
-rw-r--r--  root root system_u:object_r:system_cron_spool_t /etc/crontab
Comment 4 Daniel Walsh 2007-11-20 08:15:48 EST
Could you log out and log back in.  And then try it.
Comment 5 Ben Webb 2007-11-21 04:14:25 EST
This is a headless server, so there is rarely anybody logged in, but I just tried it again with a new ssh login 
and selinux-policy-targeted-3.0.8-56.fc8; same deal (file contexts are as in #3):
[root@organ ~]# service crond restart
Stopping crond:                                            [  OK  ]
Starting crond:                                            [  OK  ]
[root@organ ~]# tail -3 /var/log/cron
Nov 21 01:12:35 organ crond[4744]: (CRON) STARTUP (4.2)
Nov 21 01:12:35 organ crond[4744]: (system_u) Unauthorized SELinux context (/etc/crontab)
Nov 21 01:12:35 organ crond[4744]: (system_u) Unauthorized SELinux context (/etc/cron.d/backup)
Comment 6 Daniel Walsh 2007-11-21 09:19:19 EST

*** This bug has been marked as a duplicate of 393261 ***

Note You need to log in before you can comment on or make changes to this bug.