The following was filed automatically by setroubleshoot: Résumé: SELinux is preventing /usr/sbin/crond "create" access. Description détaillée: [crond has a permissive type (crond_t). This access was not denied.] SELinux denied access requested by crond. It is not expected that this access is required by crond and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source system_u:system_r:crond_t:s0-s0:c0.c1023 Contexte cible unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Objets du contexte None [ key ] source crond Chemin de la source /usr/sbin/crond Port <Inconnu> Hôte (removed) Paquetages RPM source cronie-1.4.1-3.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.31-3.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin catchall Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Compteur d'alertes 23 Première alerte sam. 12 sept. 2009 12:59:01 CEST Dernière alerte dim. 13 sept. 2009 00:00:01 CEST ID local bc2a7220-6e29-4e8a-a27e-9b2849b2196c Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1252792801.802:79): avc: denied { create } for pid=3070 comm="crond" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=key node=(removed) type=SYSCALL msg=audit(1252792801.802:79): arch=c000003e syscall=1 success=yes exit=0 a0=3 a1=2039930 a2=36 a3=65726379656b2f72 items=0 ppid=1874 pid=3070 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= crond_t ============== allow crond_t unconfined_t:key create;
Fixed in selinux-policy-3.6.31-4.fc12.noarch