Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1301327

Summary: user crontab stopped working
Product: [Fedora] Fedora Reporter: Laurentiu Pancescu <lpancescu>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 23CC: dominick.grift, dwalsh, kim-rh, lvrabec, mgrepl, plautrba
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-24 16:44:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Laurentiu Pancescu 2016-01-24 08:34:24 UTC 
I only noticed yesterday evening that the automatic remote backups, triggered twice daily via a user crontab, had stopped working after the upgrade from F22 to F23 (performed last weekend).  I found log messages like the following:

Jan 23 19:42:01 localhost.localdomain crond[1111]: (meike) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/meike)
Jan 23 19:42:01 localhost.localdomain crond[1111]: (meike) FAILED (loading cron table)

Unfortunately, restorecon only displays a warning about missing the default context for that file; I also removed the crontab with "crontab -r" and recreated it with "crontab -e", but this results in the same SELinux context - the backup doesn't run, and I see the same log message mentioning SELinux again.  Does the latest SELinux policy require userspace changes in crontab?
Comment 1 Kim Bisgaard 2016-01-24 10:39:53 UTC 
I get this too, and I too recently upgraded from :
Jan 24 10:20:37 jukebox crontab[19006]: (mythtv) BEGIN EDIT (mythtv)
Jan 24 10:21:44 jukebox crontab[19006]: (mythtv) REPLACE (mythtv)
Jan 24 10:21:44 jukebox crontab[19006]: (mythtv) END EDIT (mythtv)
Jan 24 10:22:01 jukebox crond[8384]: (root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
Jan 24 10:22:01 jukebox crond[8384]: (root) FAILED (loading cron table)
Jan 24 10:22:01 jukebox crond[8384]: (mythtv) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/mythtv)
Jan 24 10:22:01 jukebox crond[8384]: (mythtv) FAILED (loading cron table)

ls -alZ /var/spool/cron
total 12
drwx------.  2 root   root   system_u:object_r:user_cron_spool_t:s0     4096 jan 24 10:21 .
drwxr-xr-x. 14 root   root   system_u:object_r:var_spool_t:s0           4096 sep 10 10:23 ..
-rw-------.  1 mythtv mythtv unconfined_u:object_r:user_cron_spool_t:s0  127 jan 24 10:21 mythtv
-rw-------.  1 root   root   unconfined_u:object_r:user_cron_spool_t:s0    0 mar 13  2014 root

ls -lZ /usr/sbin/crond
-rwxr-xr-x. 1 root root system_u:object_r:crond_exec_t:s0 70152 jul 13  2015 /usr/sbin/crond
Comment 2 Kim Bisgaard 2016-01-24 11:46:32 UTC 
rpm -qa cronie selinux-\*
selinux-policy-3.13.1-158.2.fc23.noarch
cronie-1.5.0-3.fc23.x86_64
selinux-policy-targeted-3.13.1-158.2.fc23.noarch
selinux-policy-devel-3.13.1-158.2.fc23.noarch
Comment 3 Petr Lautrbach 2016-01-24 16:44:14 UTC 
Please update your kernel to kernel-4.3.3-303.fc23 - https://bodhi.fedoraproject.org/updates/FEDORA-2016-b59fd603be

*** This bug has been marked as a duplicate of bug 1298192 ***