[DSE-User] Some minor problems with crond, rsync and postfix
Marcus Husar
marcus.husar at rose.uni-heidelberg.de
Fri Jan 23 08:07:01 UTC 2009
Hi,
I'm new to SE Linux. Yesterday I enabled permissive mode with
default-policies and did an auto-relabel. It took more than 6 hours on a
machine doing daily, weekly and monthly backups (lots of hardlinks).
I have some similar backup-scripts run by root's crontab. They execute
rsync, write to /srv/backup/ and send mails per 'mail'. An
example-script that is causing those problems is attached.
How can I fix them?
here postfix isn't allowed to append mails to /var/mail/root:
Jan 22 22:02:08 pauling kernel: type=1400 audit(1232658128.170:91): avc:
denied { append } for pid=13797 comm="local" name="root" dev=dm-3
ino=262148
scontext=unconfined_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
and here we see crond trying to execute a script using rsync:
Jan 22 22:30:03 pauling kernel: type=1401 audit(1232659803.562:92):
security_compute_sid: invalid context
unconfined_u:system_r:unconfined_crond_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:unconfined_crond_t:s0-s0:c0.c1023
tcontext=system_u:object_r:rsync_exec_t:s0 tclass=process
Are there any tools for Debian like them in RHEL5?:
http://stewpid-litterbox.blogspot.com/2008/01/create-selinux-policy-from-audit2allow.html
Best regards
Marcus
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: emma_system_daily
Url: http://lists.alioth.debian.org/pipermail/selinux-user/attachments/20090123/e90c3471/attachment.txt
More information about the Selinux-user
mailing list