On Tue, 25 Jan 2005 12:10:52 -0500, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Ok, you need to change the policy for crond.te
--- crond.te~ 2005-01-21 16:16:11.000000000 -0500
+++ crond.te 2005-01-25 12:04:52.000000000 -0500
@@ -19,5 +19,5 @@
type sysadm_cron_spool_t, file_type, sysadmfile;
type crond_log_t, file_type, sysadmfile;
type crond_var_run_t, file_type, sysadmfile;
-domain_auto_trans(initrc_t, crond_exec_t, crond_t)
-domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
+domain_auto_trans(initrc_t, crond_exec_t, unconfined_t)
+domain_auto_trans(initrc_t, anacron_exec_t, unconfined_t)
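Review bot: The two added domain_auto_trans(initrc_t, ..., unconfined_t) lines move both crond_exec_t and anacron_exec_t into unconfined_t without a comment saying that running the cron daemons unconfined is intended. Please add one above the transitions. The context lines still declare the crond-specific file types (sysadm_cron_spool_t, crond_log_t, crond_var_run_t), while crond_t is no longer entered from initrc_t, so check whether the remaining rules that reference crond_t are now unreachable and should be dropped or guarded. The crond.te quoted later in this thread transitions to system_crond_t instead, so the comment should also state which target domain is the intended one.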
> I will update policy and throw it out on people.
> selinux-policy-targeted-1.21.3-2
I updated to selinux-policy-targeted-1.21.3-3 and I think I'm still
seeing this problem:
Jan 26 08:33:18 localhost kernel: audit(1106757198.533:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.158:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:anacron_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.370:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:29 localhost fstab-sync[3279]: removed all generated mount points
crond.te says:
type crond_var_run_t, file_type, sysadmfile;
domain_auto_trans(initrc_t, crond_exec_t, system_crond_t)
domain_auto_trans(initrc_t, anacron_exec_t, system_crond_t)
unconfined_domain(system_crond_t)
tom
--
Tom London
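
An added example, not part of the original thread: a small Python parser for the "security_compute_sid: invalid context" records quoted above. It rejoins the mail-wrapped lines and counts rejections per source type, entrypoint type and computed type. The function names are hypothetical, chosen for this illustration.

```python
import re
from collections import Counter

# Log lines copied from the message above, still wrapped as mailed.
SAMPLE = """\
Jan 26 08:33:18 localhost kernel: audit(1106757198.533:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.158:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:anacron_exec_t tclass=process
Jan 26 08:33:20 localhost kernel: audit(1106757200.370:0):
security_compute_sid: invalid context user_u:system_r:system_crond_t
for scontext=user_u:system_r:initrc_t
tcontext=system_u:object_r:crond_exec_t tclass=process
Jan 26 08:33:29 localhost fstab-sync[3279]: removed all generated mount points
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
INVALID = re.compile(
    r"audit\((?P<ts>[\d.]+):\d+\):\s+security_compute_sid: invalid context "
    r"(?P<computed>\S+)\s+for scontext=(?P<scontext>\S+)\s+"
    r"tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def invalid_transitions(text):
    """Return one dict of named fields per 'invalid context' record."""
    hits = (INVALID.search(rec) for rec in unwrap(text))
    return [m.groupdict() for m in hits if m]

def summarize(text):
    """Count rejections per (source type, entrypoint type, computed type)."""
    return Counter(
        tuple(d[k].split(":")[2] for k in ("scontext", "tcontext", "computed"))
        for d in invalid_transitions(text)
    )
```

The grouped result shows at a glance which domain_auto_trans rule produced the rejected context, which is the pairing to compare against the transitions listed in crond.te.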