Description of problem:
crontab not allowed to start ssh

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.5.13-34.fc10.noarch

How reproducible:
every time

Steps to Reproduce:
1. add crontab entries to start/stop ssh to reduce hacker window of opportunity
2. watch, as SELinux policy denies ssh startup

Actual results:
ssh not started/stopped

Expected results:
normal ssh startup, as in F9

Additional info:
This is a rule reversion, as this same bug was already fixed in F8/F9 timeframe. setroubleshoot output attached.

Created attachment 327837: setroubleshoot output

You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.5.13-37.fc10

This is actually a change in the kernel or in libc that is causing the problem. This policy is not in F8 or F9, but that is not your problem. :^) So it is a regression and I will get the fix out for you.
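
The workaround above feeds every AVC denial in the audit log to audit2allow, so unrelated denials also become allow rules. The following is an added example, not part of the original comment or of the Fedora policy: it summarises denials by source type so the input can be narrowed first. The sample records are constructed, and the sshd_t, crond_t and httpd_t types in them are illustrative, not the denials from this bug's attachment.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from this bug's attachment).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1230000001.101:11): avc:  denied  { read write } for  pid=2101 comm="sshd" path="pipe:[5001]" dev=pipefs ino=5001 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=fifo_file
type=AVC msg=audit(1230000002.102:12): avc:  denied  { read write } for  pid=2102 comm="sshd" path="pipe:[5002]" dev=pipefs ino=5002 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=fifo_file
type=AVC msg=audit(1230000003.103:13): avc:  denied  { getattr } for  pid=2200 comm="httpd" path="/home/user/notes" dev=sda1 ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1230000003.103:13): arch=40000003 syscall=195 success=no exit=-13
EOF
}

# summarize_avc: read audit records on stdin and print one sorted line per
# distinct denial: "source_type target_type class perms count".
summarize_avc() {
  awk '
    / avc: / && /denied/ {
      src = tgt = cls = perms = ""
      if (match($0, /\{[^}]*\}/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      n[src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print k, n[k] }
  ' | sort
}

# filter_domain TYPE: keep only AVC records whose source type is TYPE,
# so that only those denials reach audit2allow.
filter_domain() {
  grep 'avc: ' | grep "scontext=[^ ]*:$1:"
}

# Stand-alone run on the constructed sample: review what would be allowed.
sample_log | summarize_avc
```

On a real system the same filter slots into the pipeline from the comment above, for example `grep avc /var/log/audit/audit.log | filter_domain sshd_t | audit2allow -M mypol`, where the type passed to filter_domain is whichever source type the summary shows for the denial being worked around.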
Where do I get this new selinux-policy-3.5.13-37.fc10 package? It is not rolled out to updates-testing.
You can download it from koji. I will push out this update or a newer one once we get back to work tomorrow.
Seems to be working properly now.