657104 – cron does not run cron jobs reports Unauthorized SELinux context

Bug 657104 - cron does not run cron jobs reports Unauthorized SELinux context

Summary: cron does not run cron jobs reports Unauthorized SELinux context

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	14
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-11-24 22:25 UTC by John Griffiths
Modified:	2010-11-26 16:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-11-26 16:29:25 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description John Griffiths 2010-11-24 22:25:38 UTC

Description of problem:
cron does not run cron jobs. It reports Unauthorized SELinux context in /var/log/cron on startup.

Version-Release number of selected component (if applicable):
cronie.i686                                 1.4.5-2.fc14                @fedora 
selinux-policy.noarch                       3.9.7-12.fc14               @updates
selinux-policy-targeted.noarch              3.9.7-12.fc14               @updates


I have two systems both installed with F14. Cron runs fine on one system but does not run the cronjobs on the other system.

I have reinstalled cronie, crontabs, selinux-policy, selinux-policy-targeted.

I have compared the context of the files that are complained about:

Nov 24 17:17:44 joe crond[12390]: (CRON) STARTUP (1.4.5)
Nov 24 17:17:44 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/crontab)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/smolt)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/0hourly)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/sa-update)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/clamav-update)
Nov 24 17:17:45 joe crond[12390]: ((null)) Unauthorized SELinux context (/etc/cron.d/sysstat)
Nov 24 17:17:46 joe crond[12390]: (jrg3) Unauthorized SELinux context (/var/spool/cron/jrg3)
Nov 24 17:17:46 joe crond[12390]: (root) Unauthorized SELinux context (/var/spool/cron/root)

and the context is the same between the systems.

-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/crontab
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/smolt
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/0hourly
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/sa-update
-rw-------. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/clamav-update
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/sysstat
-rw-------. jrg3 root unconfined_u:object_r:cron_spool_t:s0 /var/spool/cron/jrg3
-rw-------. root root unconfined_u:object_r:cron_spool_t:s0 /var/spool/cron/root

I have compared the output of semanage fcontext -l | grep cron and they are identical.

I am at a loss as to what to do next.

Comment 1 John Griffiths 2010-11-26 16:29:25 UTC

I went through the other bugs on this subject for prior Fedora releases.

I did the following:

1)    rm -rf /etc/selinux/targeted
2)    yum -y reinstall selinux-policy\*
3)    restorecon -R -v /etc/selinux
4)    touch /.autorelabel
5)    rebooted

All is well with cron again. I do not know what was messed up in the policy or the contexts or how they got messed up.

Note You need to log in before you can comment on or make changes to this bug.