setsebool -P cron_userdomain_transition on not permanent?
Miroslav Grepl
mgrepl at redhat.com
Fri Mar 7 08:57:38 UTC 2014
On 03/06/2014 10:02 PM, Bruno Wolff III wrote:
> On Thu, Mar 06, 2014 at 21:02:17 +0100,
> Dominick Grift <dominick.grift at gmail.com> wrote:
>> On Thu, 2014-03-06 at 09:28 -0600, Bruno Wolff III wrote:
>>> I have been setting cron_userdomain_transition on because otherwise
>>> cron
>>> doesn't work. However despite using the -P option I have occasionally
>>> had to go back and set the boolean again.
>>>
>>> Is there some changes going on in policy updates that would affect
>>> this?
>>>
>>> How do I check that the change is stored in the policy, and not just
>>> in effect until the next reboot?
>>> --
>>
>> A bug for this functionality was reported i believe. Turns out that
>> Fedora needs some extra tweaks. No sure if this has been fixed yet in
>> fedora.
>
> I filed bug 1063503 for the cron issue. In this thread I was more
> interested in why the boolean got turned back off. I know for sure
> that I used the -P option on two systems to work around the cron issue
> and both got changed back to unset. (It might have happened twice on
> one machine, but I am not sure of that.)
>
> I have just tested a reboot and reinstalling (yum reinstall)
> selinux-policy-targeted, but am not seeing cron_userdomain_transition
> change.
>
> I don't have any other easily testable guesses for what happened, so
> for now I'll just keep an eye on it.
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Will work on this bug ASAP.
Regards,
Miroslav
More information about the selinux
mailing list