
Bug 1306104

Summary: Unauthorized SELinux context; FAILED loading cron table
Product: [Fedora] Fedora
Reporter: Michael Hampton <error>
Component: cronie
Assignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 23
CC: mmaslano, tmraz
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2016-02-10 10:03:02 UTC
Type: Bug

Description Michael Hampton 2016-02-10 02:22:10 UTC
Description of problem:
crond refuses to load any user's crontabs from the /var/spool/cron directory, and complains about the SELinux contexts.

Feb 09 20:33:33 saurok systemd[1]: Starting Command Scheduler...
Feb 09 20:33:33 saurok crond[30971]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 64% if used.)
Feb 09 20:33:33 saurok crond[30971]: (mirror) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/mirror)
Feb 09 20:33:33 saurok crond[30971]: (mirror) FAILED (loading cron table)
Feb 09 20:33:33 saurok crond[30971]: (root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
Feb 09 20:33:33 saurok crond[30971]: (root) FAILED (loading cron table)

crond seems to be running with the right context:

# ps axZ | grep crond
system_u:system_r:crond_t:s0-s0:c0.c1023 334 ? Ss     0:00 /usr/sbin/crond -n

The files themselves seem to have the right contexts:

# ls -aZ /var/spool/cron
    system_u:object_r:user_cron_spool_t:s0 .
          system_u:object_r:var_spool_t:s0 ..
unconfined_u:object_r:user_cron_spool_t:s0 mirror
unconfined_u:object_r:user_cron_spool_t:s0 root

Attempting to use restorecon had no effect:

# restorecon -r -v /var/spool/cron
restorecon:  Warning no default label for /var/spool/cron/mirror
restorecon:  Warning no default label for /var/spool/cron/root

No AVCs were logged.


Version-Release number of selected component (if applicable):
cronie-1.5.0-3.fc23.x86_64
selinux-policy-targeted-3.13.1-158.4.fc23.noarch


How reproducible:
Always


Steps to Reproduce:
1. crontab -e
2. systemctl restart crond


Actual results:
cron jobs fail to run; journal entries complain about Unauthorized SELinux context.


Expected results:
cron jobs run normally.


Additional info:
This appears to have begun immediately after upgrading from F22 to F23 a couple of weeks ago. No user cron jobs have run since the upgrade took place; only jobs in /etc/cron.* are being run.
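
Added example, not part of the original report and not cronie code: a small Python triage helper that pulls the rejected crontabs out of crond journal lines in the format quoted above and splits each SELinux context into its fields. The function names are this example's own; the sample input is the log excerpt from this report.

```python
import re
from collections import namedtuple

# Sample input: the crond journal lines quoted in the report above.
SAMPLE = """\
Feb 09 20:33:33 saurok systemd[1]: Starting Command Scheduler...
Feb 09 20:33:33 saurok crond[30971]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 64% if used.)
Feb 09 20:33:33 saurok crond[30971]: (mirror) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/mirror)
Feb 09 20:33:33 saurok crond[30971]: (mirror) FAILED (loading cron table)
Feb 09 20:33:33 saurok crond[30971]: (root) Unauthorized SELinux context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 file_context=unconfined_u:object_r:user_cron_spool_t:s0 (/var/spool/cron/root)
Feb 09 20:33:33 saurok crond[30971]: (root) FAILED (loading cron table)
"""

Context = namedtuple("Context", "user role type range")
UNAUTH = re.compile(
    r"crond\[\d+\]: \((?P<owner>[^)]+)\) Unauthorized SELinux "
    r"context=(?P<ctx>\S+) file_context=(?P<fctx>\S+) \((?P<path>[^)]+)\)")
FAILED = re.compile(
    r"crond\[\d+\]: \((?P<owner>[^)]+)\) FAILED \(loading cron table\)")


def parse_context(text):
    """Split user:role:type:range; the MLS/MCS range may itself contain ':'."""
    parts = text.split(":", 3)
    if len(parts) != 4:
        raise ValueError("not a full SELinux context: %r" % text)
    return Context(*parts)


def rejected_crontabs(lines):
    """Return one record per crontab that crond rejected and then failed to load."""
    pending, findings = {}, []
    for line in lines:
        m = UNAUTH.search(line)
        if m:
            pending[m["owner"]] = {
                "owner": m["owner"], "path": m["path"],
                "context": parse_context(m["ctx"]),
                "file_context": parse_context(m["fctx"])}
            continue
        m = FAILED.search(line)
        if m and m["owner"] in pending:
            findings.append(pending.pop(m["owner"]))
    return findings


if __name__ == "__main__":
    for f in rejected_crontabs(SAMPLE.splitlines()):
        print("%s: %s rejected for %s (file type %s)" % (
            f["owner"], f["path"], f["context"].type, f["file_context"].type))
```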

Comment 1 Tomas Mraz 2016-02-10 10:03:02 UTC

*** This bug has been marked as a duplicate of bug 1298192 ***