Rawhide Can't update crontab using gnome-schedule.

Dominick Grift domg472 at gmail.com
Fri Feb 20 12:54:53 UTC 2009


On Fri, 2009-02-20 at 11:15 +0000, Frank Murphy wrote:
> Gnome-Schedule opens, but cannot update any tasks.
> ~/audit/.log
> doesn't show any specific denials.
> Happens as pure root, (sudo, su) user
> 
> sudo gnome-schedule
> Access denied by SELinux, must be privileged to use -u
It wants this:

time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.394:41): arch=c000003e syscall=137
success=yes exit=0 a0=860060 a1=7fffe9f391f0 a2=1000 a3=7fffe9f38f90 
items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.394:41): avc:  denied  { getattr } for
pid=3741 comm="crontab" name="/" dev=selinuxfs ino=1 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.394:42): arch=c000003e syscall=4
success=no exit=1427685336 a0=7fffe9f381c0 a1=7fffe9f38130
a2=7fffe9f38130 
a3=7fffe9f37ee0 items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.394:42): avc:  denied  { getattr } for
pid=3741 comm="crontab" path="/selinux/class" dev=selinuxfs ino=26 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1235133152.394:42): avc:  denied  { search } for
pid=3741 comm="crontab" name="/" dev=selinuxfs ino=1 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=dir
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.395:43): arch=c000003e syscall=2
success=no exit=1427685336 a0=7fffe9f38190 a1=0 a2=7fffe9f3819c 
a3=7fffe9f37f40 items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.395:43): avc:  denied  { open } for
pid=3741 comm="crontab" name="mls" dev=selinuxfs ino=12 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=file
type=AVC msg=audit(1235133152.395:43): avc:  denied  { read } for
pid=3741 comm="crontab" name="mls" dev=selinuxfs ino=12 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=file
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.397:44): arch=c000003e syscall=2
success=yes exit=3 a0=7fffe9f381c0 a1=90800 a2=7fffe9f381db
a3=7fffe9f37e90 
items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.397:44): avc:  denied  { open } for
pid=3741 comm="crontab" name="perms" dev=selinuxfs ino=67111432 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1235133152.397:44): avc:  denied  { read } for
pid=3741 comm="crontab" name="perms" dev=selinuxfs ino=67111432 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=dir
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.398:45): arch=c000003e syscall=4
success=yes exit=0 a0=7fffe9f381c0 a1=7fffe9f38120 a2=7fffe9f38120 
a3=fffffff9 items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.398:45): avc:  denied  { getattr } for
pid=3741 comm="crontab" path="/selinux/class/passwd/perms/crontab" 
dev=selinuxfs ino=67109859
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=file
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.398:46): arch=c000003e syscall=2
success=yes exit=3 a0=7fffe9f38200 a1=2 a2=7fffe9f3820f
a3=8101010101010100 
items=0 ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" 
exe="/usr/bin/crontab" subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1235133152.398:46): avc:  denied  { write } for
pid=3741 comm="crontab" name="access" dev=selinuxfs ino=6 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=file
----
time->Fri Feb 20 13:32:32 2009
type=SYSCALL msg=audit(1235133152.398:47): arch=c000003e syscall=1
success=no exit=1427685336 a0=3 a1=1070300 a2=65 a3=7fffe9f37f70
items=0 
ppid=3737 pid=3741 auid=501 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 ses=1 comm="crontab" exe="/usr/bin/crontab" 
subj=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1235133152.398:47): avc:  denied  { compute_av } for
pid=3741 comm="crontab" 
scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023
tcontext=system_u:object_r:security_t:s0 tclass=security

This module will allow it:

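# Local policy module, built against the reference policy development headers.
policy_module(myschedule, 0.0.1)

require { type crontab_t, security_t; }

# Let crontab_t request access decisions from the security server; this is the compute_av denial.
allow crontab_t security_t:security compute_av;
# Reference policy interface: access to selinuxfs directories and files labeled security_t, plus setting generic booleans.
selinux_set_generic_booleans(crontab_t)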


> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
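
Added example, not part of the original message: a small Python parser that groups AVC denials like the ones above by source type, target type and class, and prints candidate allow rules for review, similar in spirit to what audit2allow does. The function names are illustrative; the sample records are copied from the audit output above with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Four AVC records copied from the audit output above, with the mail
# client's line wrapping undone so each record is on one line.
SAMPLE = """\
type=AVC msg=audit(1235133152.394:42): avc:  denied  { search } for pid=3741 comm="crontab" name="/" dev=selinuxfs ino=1 scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1235133152.395:43): avc:  denied  { read } for pid=3741 comm="crontab" name="mls" dev=selinuxfs ino=12 scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
type=AVC msg=audit(1235133152.398:46): avc:  denied  { write } for pid=3741 comm="crontab" name="access" dev=selinuxfs ino=6 scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
type=AVC msg=audit(1235133152.398:47): avc:  denied  { compute_av } for pid=3741 comm="crontab" scontext=dgrift:unconfined_r:crontab_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third colon-separated field) of a context."""
    return context.split(":")[2]

def summarize_denials(text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records, separators, blank lines
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return grouped

def to_allow_rules(grouped):
    """Render each group as a candidate allow rule for review."""
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        perm_list = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_list = "{ " + perm_list + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_list};")
    return rules

if __name__ == "__main__":
    print("\n".join(to_allow_rules(summarize_denials(SAMPLE))))
```

The rule produced for class security is the same compute_av rule the module above states explicitly; the dir and file groups are the selinuxfs accesses the module hands to an interface instead of listing one by one.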



