setsebool -P cron_userdomain_transition on not permanent?
Bruno Wolff III
bruno at wolff.to
Thu Mar 6 21:02:56 UTC 2014
On Thu, Mar 06, 2014 at 21:02:17 +0100,
Dominick Grift <dominick.grift at gmail.com> wrote:
>On Thu, 2014-03-06 at 09:28 -0600, Bruno Wolff III wrote:
>> I have been setting cron_userdomain_transition on because otherwise cron
>> doesn't work. However despite using the -P option I have occasionally
>> had to go back and set the boolean again.
>>
>> Is there some changes going on in policy updates that would affect this?
>>
>> How do I check that the change is stored in the policy, and not just
>> in effect until the next reboot?
>> --
>
>A bug for this functionality was reported i believe. Turns out that
>Fedora needs some extra tweaks. No sure if this has been fixed yet in
>fedora.
I filed bug 1063503 for the cron issue. In this thread I was more
interested in why the boolean got turned back off. I know for sure that
I used the -P option on two systems to work around the cron issue and both
got changed back to unset. (It might have happened twice on one machine,
but I am not sure of that.)
I have just tested a reboot and reinstalling (yum reinstall)
selinux-policy-targeted, but am not seeing cron_userdomain_transition
change.
I don't have any other easily testable guesses for what happened, so for now
I'll just keep an eye on it.
More information about the selinux
mailing list