All,

I got my basic Gentoo Hardened working, but cron still chokes with a few
denied every few minutes. No processes are ever executed by cron, in
both enforcing and permissive mode. I'm not sure how to interpret the
following logs. Which socket is cron trying to read from and write to?
Also, the scontext and tcontext seem to match, so why is the access denied?

Thanks in advance,
Julien

fez root # May 18 08:40:00 fez CRON[21334]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons )
May 18 08:40:00 fez
May 18 08:40:00 fez avc: denied { getattr } for pid=21334
exe=/usr/sbin/cron path=socket:[26532] dev=00:00 ino=26532
scontext=system_u:system_r:crond_t tcontext=system_u:system_r:crond_t
tclass=udp_socket
May 18 08:40:00 fez
May 18 08:40:00 fez avc: denied { write } for pid=21334
exe=/usr/sbin/cron path=socket:[26533] dev=00:00 ino=26533
scontext=system_u:system_r:crond_t tcontext=system_u:system_r:crond_t
tclass=tcp_socket
May 18 08:40:00 fez
May 18 08:40:00 fez avc: denied { getattr } for pid=21334
exe=/usr/sbin/cron path=socket:[26541] dev=00:00 ino=26541
scontext=system_u:system_r:crond_t tcontext=system_u:system_r:crond_t
tclass=udp_socket
May 18 08:40:00 fez
May 18 08:40:00 fez avc: denied { write } for pid=21334
exe=/usr/sbin/cron path=socket:[26542] dev=00:00 ino=26542
scontext=system_u:system_r:crond_t tcontext=system_u:system_r:crond_t
tclass=tcp_socket

--
gentoo-hardened@g.o mailing list