On Fri, 2013-05-24 at 08:28 +0100, Frank Murphy wrote:
The following is showing up from one box. The box is enforcing, system-config-selinux shows as such. What do I need to fix, or is cron meant to be permissive?
As for the "is cron meant to be permissive" question:
# seinfo --permissive
Permissive Types: 14
   openvswitch_t
   systemd_localed_t
   virt_qemu_ga_t
   pkcsslotd_t
   realmd_t
   isnsd_t
   mandb_t
   rngd_t
   slpd_t
   smsd_t
   glusterd_t
   stapserver_t
   systemd_hostnamed_t
   sensord_t
The answer, I guess, is: no, cron should not be permissive.
As for what you need to fix, I am not sure.
Could you grep -i selinux_err /var/log/audit/audit.log?
--------------------- Cron Begin ------------------------
**Unmatched Entries**
NULL security context for user, but SELinux in permissive mode, continuing ()
Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
SELinux in permissive mode, continuing (/var/spool/cron/root)
Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
SELinux in permissive mode, continuing (/var/spool/cron/root)
NULL security context for user, but SELinux in permissive mode, continuing ()
NULL security context for user, but SELinux in permissive mode, continuing ()
NULL security context for user, but SELinux in permissive mode, continuing ()
NULL security context for user, but SELinux in permissive mode, continuing ()
---------------------- Cron End -------------------------