On Fri, 2013-05-24 at 08:28 +0100, Frank Murphy wrote:
The following showing up fron one box.
The box is enforcing, system-config-selinux shows as such.
What do I need to fix, or is cron meant to be permissive.?
As for the "is cron meant to be permissive" question:
# seinfo --permissive
Permissive Types: 14
openvswitch_t
systemd_localed_t
virt_qemu_ga_t
pkcsslotd_t
realmd_t
isnsd_t
mandb_t
rngd_t
slpd_t
smsd_t
glusterd_t
stapserver_t
systemd_hostnamed_t
sensord_t
The answer, i guess, is: no cron should not be permissive
As for what do i need to fix it, i am not sure.
Could you grep -i selinux_err /var/log/audit/audit.log?
--------------------- Cron Begin ------------------------
**Unmatched Entries**
NULL security context for user, but SELinux in permissive mode,
continuing () Unauthorized SELinux
context=unconfined_u:unconfined_r:unconfined_t:s0
file_context=unconfined_u:object_r:user_cron_spool_t:s0
(/var/spool/cron/root) SELinux in permissive mode, continuing
(/var/spool/cron/root) Unauthorized SELinux
context=unconfined_u:unconfined_r:unconfined_t:s0
file_context=unconfined_u:object_r:user_cron_spool_t:s0
(/var/spool/cron/root) SELinux in permissive mode, continuing
(/var/spool/cron/root) NULL security context for user, but SELinux in
permissive mode, continuing () NULL security context for user, but
SELinux in permissive mode, continuing () NULL security context for
user, but SELinux in permissive mode, continuing () NULL security
context for user, but SELinux in permissive mode, continuing ()
---------------------- Cron End -------------------------