The Silence of the Anacrons

Ted Rule ejtr at layer3.co.uk
Wed Mar 15 11:48:37 UTC 2006 

Something that's niggled me for a while are the empty Email messages
generated by Anacron.

This is on FC4 / selinux-policy-strict-1.27.1-2.22

When the machine is left powered overnight, the normal /etc/cron.daily
processes - including logwatch and logrotate - run perfectly happily and
generate appropriate Emails.

By default, logrotate doesn't result in an Email, but for reasons
unrelated to SELinux I have it set to run in debug mode, so my instance
does. The Email from logrotate is effectively 'sent' by /etc/cron.daily
as it wrappers all the output from its child jobs.

In contrast, logwatch sends its own Email independent of Cron's sendmail
child process.

When the machine is depowered overnight and repowered in the morning,
Anacron proceeds to run the various /etc/cron.daily scripts. With
SELinux enforcing, logwatch runs normally, and generates its normal
Email log summary.

However, logrotate's output is never seen, even though it can be seen
from the various timestamps and filenames that logrotate has correctly
run and suitably rotated all the logs.

The overall cron.daily Job launched by Anacron results in an empty
Email, with no body and more particularly no Subject. The mail From
address is set to "Anacron <root at hostname>".

Burrowing around the Anacron source it is apparent that under normal
circumstances it would give the Email a subject of

	"Anacron job cron.daily"

Given the behaviour I see, I think the problem is somehow related to
the /etc/cron.daily/* processes not having rights to write to the file
descriptor which is the input to Cron's overall sendmail process.

I've had a look through the SELinux policy to see if I can spot the
difference between the permissions of Jobs launched by Cron and Anacron,
and I'm afraid I can't see where the problem lies; since jobs launched
by either method appear to run as system_crond_t, the difference in
behaviour eludes me.

Can anyone else offer any insight into the problem?

Thanks,



-- 
Ted Rule

Director, Layer3 Systems Ltd

W: http://www.layer3.co.uk/

More information about the selinux mailing list