[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: mailman, cron, /bin/sh (more on Re: restorecon vs. setfiles???)

From: Stephen Smalley <sds epoch ncsc mil>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Cc: Daniel J Walsh <dwalsh redhat com>
Subject: Re: mailman, cron, /bin/sh (more on Re: restorecon vs. setfiles???)
Date: Mon, 24 May 2004 08:17:14 -0400

On Fri, 2004-05-21 at 16:30, Tom London wrote:
> I did a FC2 install 'everything' and that seems to have turned on mailman
> cron entries. Unfortuneately, the one that runs /var/mailman/cron/gate_news
> (every 5 minutes!) fails and sends email to email with the report:

>     May 21 12:00:00 dell kernel: audit(1085166000.890:0): avc:  denied  
> { transition } for     pid=7796 exe=/usr/sbin/crond path=/bin/bash 
> dev=hdb3 ino=376840 scontext=system_u:system_r:crond_t 
> tcontext=user_u:sysadm_r:sysadm_t tclass=process

crond shouldn't be attempting to transition to sysadm_t for a cron job. 
getconlist user_u system_u:system_r:crond_t shows a default of
user_u:user_r:user_crond_t.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

References:
- mailman, cron, /bin/sh (more on Re: restorecon vs. setfiles???)
  - From: Tom London

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]