vixie-cron and selinux

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

vixie-cron and selinux

Ian P. Christian
Hey all, I've had a problem for ages with selinux and vixie-cron. I've posted
to the forums but not had a result, so I'm trying the list now.

http://forums.gentoo.org/viewtopic-t-226190-highlight-cron+selinux.html

<quote>
I'm also having this issue
   Nov  2 14:13:48 xian cron[6294]: (CRON) STARTUP (V5.0)
   Nov  2 14:13:48 xian cron[6294]: (system_u) NO CONTEXT (/etc/crontab)
 
   # ls -laZ /etc/crontab
   -rw-------  root     root    
          system_u:object_r:system_cron_spool_t /etc/crontab
 
Kind Regards,
 
Ian
</quote>

Cron just isn't running, and I can't figure out what.

Kind Regards,

--
Ian P. Christian ~ http://pookey.co.uk
--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

Re: vixie-cron and selinux

Petre Rodan

Hi,

On Mon, Nov 28, 2005 at 11:30:10AM +0000, Ian P. Christian wrote:

> Hey all, I've had a problem for ages with selinux and vixie-cron. I've posted
> to the forums but not had a result, so I'm trying the list now.
>
> http://forums.gentoo.org/viewtopic-t-226190-highlight-cron+selinux.html
>
> <quote>
> I'm also having this issue
>    Nov  2 14:13:48 xian cron[6294]: (CRON) STARTUP (V5.0)
>    Nov  2 14:13:48 xian cron[6294]: (system_u) NO CONTEXT (/etc/crontab)
>  
>    # ls -laZ /etc/crontab
>    -rw-------  root     root    
>           system_u:object_r:system_cron_spool_t /etc/crontab
make sure that cron was started by the init script and that /etc/init.d/vixie-cron has the right label.

muttley etc # ls -alZ /etc/init.d/vixie-cron
-rwxr-xr-x  root     root     system_u:object_r:initrc_exec_t  /etc/init.d/vixie-cron
muttley etc # /etc/init.d/vixie-cron start
Authenticating prodan.
Password:
 * Starting vixie-cron ...                                                     [ ok ]
muttley etc # ps ax --context |grep cron
16773 system_u:system_r:crond_t       /usr/sbin/cron
# ^ perfect start

I can replicate the 'NO CONTEXT' error only if the cron daemon runs in the wrong domain.

muttley etc # echo 0 > /selinux/enforce
muttley etc # /usr/sbin/cron
muttley etc # ps ax --context |grep cron
30358 prodan:sysadm_r:sysadm_t        /usr/sbin/cron
muttley etc # tail -n10 /var/log/everything/current | grep CONTEXT
Nov 28 15:15:23 [cron] (system_u) NO CONTEXT (/etc/crontab)

if your problem persists, please open a verbose bug report and assign it to [hidden email]

cheers,
peter

--
petre rodan
<[hidden email]>
Developer,
Hardened Gentoo Linux

attachment0 (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: vixie-cron and selinux

Ian P. Christian
On Monday 28 November 2005 12:37, Petre Rodan wrote:

> # ls -alZ /etc/init.d/vixie-cron
-rwxr-xr-x  root     root    
system_u:object_r:initrc_exec_t  /etc/init.d/vixie-cron

> # ps ax --context |grep cron
6263 system_u:system_r:crond_t       /usr/sbin/cron

> if your problem persists, please open a verbose bug report and assign it to
> [hidden email]

I'll report this if you (or anyone else on the list) has no more ideas within
the next few hours.

Thanks for your help,

--
Ian P. Christian ~ http://pookey.co.uk

attachment0 (196 bytes) Download Attachment