The following showing up fron one box. The box is enforcing, system-config-selinux shows as such. What do I need to fix, or is cron meant to be permissive.?
--------------------- Cron Begin ------------------------
**Unmatched Entries** NULL security context for user, but SELinux in permissive mode, continuing () Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () ---------------------- Cron End -------------------------
On Fri, 2013-05-24 at 08:28 +0100, Frank Murphy wrote:
The following showing up fron one box. The box is enforcing, system-config-selinux shows as such. What do I need to fix, or is cron meant to be permissive.?
As for the "is cron meant to be permissive" question:
# seinfo --permissive
Permissive Types: 14 openvswitch_t systemd_localed_t virt_qemu_ga_t pkcsslotd_t realmd_t isnsd_t mandb_t rngd_t slpd_t smsd_t glusterd_t stapserver_t systemd_hostnamed_t sensord_t
The answer, i guess, is: no cron should not be permissive
As for what do i need to fix it, i am not sure.
Could you grep -i selinux_err /var/log/audit/audit.log?
--------------------- Cron Begin ------------------------
**Unmatched Entries** NULL security context for user, but SELinux in permissive mode, continuing () Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () ---------------------- Cron End -------------------------
On Fri, 24 May 2013 11:30:17 +0200 Dominick Grift dominick.grift@gmail.com wrote:
The answer, i guess, is: no cron should not be permissive
As for what do i need to fix it, i am not sure.
Could you grep -i selinux_err /var/log/audit/audit.log?
No result on above. I have checked to make sure the log is not empty itself.
On 05/24/2013 09:28 AM, Frank Murphy wrote:
The following showing up fron one box. The box is enforcing, system-config-selinux shows as such. What do I need to fix, or is cron meant to be permissive.?
--------------------- Cron Begin ------------------------
**Unmatched Entries** NULL security context for user, but SELinux in permissive mode, continuing () Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root) SELinux in permissive mode, continuing (/var/spool/cron/root) NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () NULL security context for user, but SELinux in permissive mode, continuing () ---------------------- Cron End -------------------------
Could you please open a new bug on selinux-policy and we can discuss it in this bug.
Regards, Miroslav
selinux@lists.fedoraproject.org