[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RHEL5 + strict policy: Unprivileged user cron - "Unauthorized SELinux context"

From: Aleksander Adamowski <aleksander adamowski fedora altkom pl>
To: fedora-selinux-list redhat com
Subject: RHEL5 + strict policy: Unprivileged user cron - "Unauthorized SELinux context"
Date: Wed, 28 Nov 2007 21:16:19 +0100

Hi!

I'm using selinux-policy-strict-2.4.6-30.el5.

I've added a job to apache's crontab (crontab -e -u apache).

Now I can see those errors in /var/log/cron:

crond[27249]: (apache) Unauthorized SELinux context, but SELinux inpermissive mode, continuing (cron/apache)crond[29358]: (apache) NULL security context for user, but SELinux inpermissive mode, continuing ()

Google search found a suggestion that FC6 cron policy is broken,resulting in similar symptoms (but for root instead of apache user), butwhat about RHEL5?

I've also added a simple apache cronjob that simply writes output from"id -Z" to a file in /tmp and it has written the following context data:


root:system_r:crond_t:SystemLow-SystemHigh

Why is the user root? Shouldn't it be user_u or system_u or somethinglike that?


--
Best Regards,
   Aleksander Adamowski
       GG#: 274614

ICQ UIN: 19780575http://olo.org.pl

Follow-Ups:
- Re: RHEL5 + strict policy: Unprivileged user cron - "Unauthorized SELinux context"
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]