Right context for /var/spool/cron/crontabs/root
Luciano Furtado
lrfurtado at yahoo.com.br
Tue Jan 18 16:46:07 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi group,
Why does the context of the crontab spool directory is set to <<none>>
on /etc/selinux/default/contexts/files/file_contexts
/var/spool/cron/crontabs/.* -- <<none>>
I am getting the following avc messages :
[ 17.600000] type=1400 audit(1295191072.769:6): avc: denied { read }
for pid=1847 comm="cron" name="root" dev=xvda ino=106585
scontext=system_u:system_r:crond_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file
[ 17.600000] type=1400 audit(1295191072.769:7): avc: denied {
getattr } for pid=1847 comm="cron" path="/var/spool/cron/crontabs/root"
dev=xvda ino=106585 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file
Is cron_spool_t the right context for this file ?
Best Regards.
Luciano
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNNcPPAAoJENgwSj9ZOOwrnn8H/3j2IYdio26kI96nYN7CbNaE
Oq0BjWWAsiwxcBMtA8V6ZpWQo4KE7L9+kI3CV/q04Nt2M03f+OV7dQM1OOcoEYqr
t7yBPqTXQL1/2R8gEQu9pfS+b3+9k/buU9ynFT8mFe/ZHXNZwGTzJ6n4aBfwk9X1
xw9J634HmBC5CDsYg9G7kNKCUjSP/Yi392l4yMZxvGwhelvIlzjoxC3b3ulrD+L1
GlrGcFnZpiX9KZBfvlTeIzW1lNuFJAAYUihnW97B5wUbzU0qXcdo6JMUzb2S85Wg
reFoPWk9BRjOaFMqV49Jnc1/JgA4A5sCBE3lzHQmw6gRGwrOTjKSNewTt6J9VXE=
=2h4M
-----END PGP SIGNATURE-----
More information about the selinux
mailing list