On Mon, 13 Mar 2017 21:09:13 +0100 cgzones <cgzo...@googlemail.com> wrote:
> Hi,
Hello,
> with the removal of the SELinux login entry for system_u [1], cron
> stops working.
>
> get_security_context [2] expects a NULL name when called for a system
cronjob.
> But it is called with "system_u" [2].
>
> It worked so far cause getseuserbyname [3] translated the incorrect
> name value "system_u" still to the "system_u" seuser.
>
> Best regards,
> Christian Göttsche
>
> [1]
https://github.com/TresysTechnology/refpolicy/commit/79f31a04739dad7c7369616cd7c666a57c365511
> [2] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L218
> [3] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L51
>
[...]
I pushed an different fix (more complete) of the proposed patch to
debian unstable.
Did you had the time to look if it was fixing the issue on your machine?
(It does on mine).
However I discovered that I know get an AVC denials for _user_ cronjob,
do you see that as well? I'm not sure what is causing that.
Regards,
Laurent Bigonville
