On 2020-07-29 23:25, stan via users wrote:
On Wed, 29 Jul 2020 20:54:38 +0800 Ed Greshko ed.greshko@greshko.com wrote:
So, dwatch is not part of Fedora.
Not now.
Right. It was retired around F24 and you've rebuilt it locally to make a F31 package.
Well, you should easily be able to tell if the hourly cron job runs...
journalctl -b 0 | grep hourly
should return a bunch of stuff like...
Jul 29 20:01:01 meimei.greshko.com CROND[29642]: (root) CMD (run-parts /etc/cron.hourly) Jul 29 20:01:01 meimei.greshko.com run-parts[29645]: (/etc/cron.hourly) starting 0anacron Jul 29 20:01:01 meimei.greshko.com run-parts[29651]: (/etc/cron.hourly) finished 0anacron
Returns nothing.
Then, just as a troubleshoot, have you tried running the system with setenforce 0?
I haven't, and that is a good suggestion. I'll reboot with setenforce=0 on the kernel boot line.
I updated the bugzilla with the new information, but putting enforcing=0 on the kernel boot line results in a working system again. The messages change to allowing crond to run even though it has a NULL security context because it is in security mode. I tried older kernels from when it worked before, they also fail now, so not a kernel problem. Somehow, the user that runs crond lost its selinux security context.
e.g.
crond[5954]: (*system*) NULL security context for user, but SELinux in permissive mode, continuing ()
and
crond[1169]: ((null)) No security context but SELinux in permissive mode, continuing (/etc/cron.d/dwatch)
In the above, is PID 5954 the crond process? If you run ps with the -Z option do you get something like
[egreshko@f31k ~]$ ps p 821 -Z LABEL PID TTY STAT TIME COMMAND system_u:system_r:crond_t:s0-s0:c0.c1023 821 ? Ss 0:00 /usr/sbin/crond -n
Do you happen to have another F31 system which doesn't have dwatch installed? All of my F31 systems are running cron jobs just fine and they are all fully updated.
Jul 30 02:01:01 f31k.greshko.com CROND[2417]: (root) CMD (run-parts /etc/cron.hourly) Jul 30 02:01:01 f31k.greshko.com run-parts[2420]: (/etc/cron.hourly) starting 0anacron Jul 30 02:01:01 f31k.greshko.com run-parts[2428]: (/etc/cron.hourly) finished 0anacron
Do you think having dwatch installed may be significant? And, did you mention that in the bugzilla? It sounds to me like an important detail.