| 1 |
Hi, |
| 2 |
|
| 3 |
On Mon, Nov 28, 2005 at 11:30:10AM +0000, Ian P. Christian wrote: |
| 4 |
> Hey all, I've had a problem for ages with selinux and vixie-cron. I've posted |
| 5 |
> to the forums but not had a result, so I'm trying the list now. |
| 6 |
> |
| 7 |
> http://forums.gentoo.org/viewtopic-t-226190-highlight-cron+selinux.html |
| 8 |
> |
| 9 |
> <quote> |
| 10 |
> I'm also having this issue |
| 11 |
> Nov 2 14:13:48 xian cron[6294]: (CRON) STARTUP (V5.0) |
| 12 |
> Nov 2 14:13:48 xian cron[6294]: (system_u) NO CONTEXT (/etc/crontab) |
| 13 |
> |
| 14 |
> # ls -laZ /etc/crontab |
| 15 |
> -rw------- root root |
| 16 |
> system_u:object_r:system_cron_spool_t /etc/crontab |
| 17 |
|
| 18 |
make sure that cron was started by the init script and that /etc/init.d/vixie-cron has the right label. |
| 19 |
|
| 20 |
muttley etc # ls -alZ /etc/init.d/vixie-cron |
| 21 |
-rwxr-xr-x root root system_u:object_r:initrc_exec_t /etc/init.d/vixie-cron |
| 22 |
muttley etc # /etc/init.d/vixie-cron start |
| 23 |
Authenticating prodan. |
| 24 |
Password: |
| 25 |
* Starting vixie-cron ... [ ok ] |
| 26 |
muttley etc # ps ax --context |grep cron |
| 27 |
16773 system_u:system_r:crond_t /usr/sbin/cron |
| 28 |
# ^ perfect start |
| 29 |
|
| 30 |
I can replicate the 'NO CONTEXT' error only if the cron daemon runs in the wrong domain. |
| 31 |
|
| 32 |
muttley etc # echo 0 > /selinux/enforce |
| 33 |
muttley etc # /usr/sbin/cron |
| 34 |
muttley etc # ps ax --context |grep cron |
| 35 |
30358 prodan:sysadm_r:sysadm_t /usr/sbin/cron |
| 36 |
muttley etc # tail -n10 /var/log/everything/current | grep CONTEXT |
| 37 |
Nov 28 15:15:23 [cron] (system_u) NO CONTEXT (/etc/crontab) |
| 38 |
|
| 39 |
if your problem persists, please open a verbose bug report and assign it to selinux@g.o |
| 40 |
|
| 41 |
cheers, |
| 42 |
peter |
| 43 |
|
| 44 |
-- |
| 45 |
petre rodan |
| 46 |
<kaiowas@g.o> |
| 47 |
Developer, |
| 48 |
Hardened Gentoo Linux |
Archives