[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux and crontab one-more-time



On 04/15/2009 06:28 PM, Antonio Olivares wrote:



--- On Wed, 4/15/09, Daniel J Walsh<dwalsh redhat com>  wrote:

From: Daniel J Walsh<dwalsh redhat com>
Subject: Re: selinux and crontab one-more-time
To: olivares14031 yahoo com
Cc: fedora-selinux-list redhat com
Date: Wednesday, April 15, 2009, 6:09 AM
On 04/15/2009 08:38 AM, Antonio Olivares wrote:
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I tried everything you described and it worked
fine.  THe
unconfined_t:unix_stream_socket is coming from the
leaked
file
descriptor in Konsole, I believe.
It is working, but on the other machine I can't
edit crontab.  Only on this one.  But why do I see this
message?
Thanks,

Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list redhat com

https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Is the other machine fully upgraded to the latest policy?
Make sure the
policy installed successfully.

yum reinstall selinux-policy-targeted

The message is caused by leaks in file descriptors within
Konsole.


[olivares riohigh ~]$ whoami
olivares
[olivares riohigh ~]$ crontab -l
cron/olivares: Permission denied
[olivares riohigh ~]$ crontab -e
cron/olivares: Permission denied
[olivares riohigh ~]$ dmesg | grep 'avc'
[olivares riohigh ~]$ rpm -qa selinux-policy-targeted
selinux-policy-targeted-3.6.12-4.fc11.noarch

Doing the steps you outlined.

[root riohigh ~]# yum reinstall selinux-policy-targeted
Setting up Reinstall Process
Resolving Dependencies
-->  Running transaction check
--->  Package selinux-policy-targeted.noarch 0:3.6.12-4.fc11 set to be erased
--->  Package selinux-policy-targeted.noarch 0:3.6.12-4.fc11 set to be updated
-->  Finished Dependency Resolution

Dependencies Resolved

================================================================================
  Package                     Arch       Version             Repository     Size
================================================================================
Installing:
  selinux-policy-targeted     noarch     3.6.12-4.fc11       rawhide       2.1 M
Removing:
  selinux-policy-targeted     noarch     3.6.12-4.fc11       installed     2.3 M

Transaction Summary
================================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       1 Package(s)

Total download size: 2.1 M
Is this ok [y/N]: y
Downloading Packages:
selinux-policy-targeted-3.6.12-4.fc11.noarch.rpm         | 2.1 MB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
   Erasing        : selinux-policy-targeted                                  1/2
   Installing     : selinux-policy-targeted                                  1/2

Removed:
   selinux-policy-targeted.noarch 0:3.6.12-4.fc11

Installed:
   selinux-policy-targeted.noarch 0:3.6.12-4.fc11

Complete!


makes no difference :(, Can't modify my crontab to change certain things.

[olivares riohigh ~]$ crontab -l
cron/olivares: Permission denied
[olivares riohigh ~]$ crontab -e
cron/olivares: Permission denied


Regards,

Antonio




Putting the machine in permssive mode you are able to execute these commands?

No avc messages about crontab, other then the leaked file descritptor?

# ls -lZ /var/spool/cron

Could you try to add a custom policy to allow the avc's about unconfined_t and see if the crontab command works.

# grep crontab /var/log/audit/audit.log | audit2allow -m mycrontab
# semodule -i mycrontab.pp


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]