Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: fisch <fisch@...>
From: Chris PeBenito <pebenito@g.o>
Subject: Re: SELinux and user-crontab
Date: Thu, 15 Jan 2004 13:35:49 -0600
On Thu, 2004-01-15 at 05:25, fisch wrote:
> I start ssh at boot (rc-update add sshd default) - is that the problem?

No, this works.  Make sure that sshd runs in system_u:system_r:sshd_t
(you can see by doing ps -AZ).

> > > b) user bob can't create a crontab for themself
> > > what I have to do?
> 
> my user bob:
> uid=1001(bob) gid=408(cms) groups=408(cms),100(users)
> context=bob:user_r:user_t

Ok, theres two things to do.  Add your user bob to the cron group
(usermod -G).  Then apply the attached patch to your policy:

cd /etc/security/selinux/src/policy
patch -p1 < /path/to/opt.diff
make load

Then everything should work.  The attached patch has already been
applied to the cvs base-policy.

-- 
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243
Attachment:
opt.diff (Text Data)
Attachment:
signature.asc (This is a digitally signed message part)
References:
SELinux and user-crontab
-- fisch
Re: SELinux and user-crontab
-- Chris PeBenito
Re: SELinux and user-crontab
-- fisch
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: SELinux and user-crontab
Next by thread:
RE: SELinux and user-crontab
Previous by date:
Re: SELinux and user-crontab
Next by date:
Security Updates


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.