Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: rawhide strict & crond: msg#00219
|
Subject: |
Re: rawhide strict & crond |
On Tue, 2005-04-26 at 10:05 +0200, Holger Burde wrote:
> I tried to run a cron job from the apache account but nothing happends
> beside a entry in /var/log/cron :
>
> Apr 26 10:51:49 dragon crond[4284]: (CRON) STARTUP (V5.0)
> Apr 26 10:51:49 dragon crond[4284]: (apache) ENTRYPOINT FAILED
> (cron/apache)
>
> (wrong context? )
Yes; crond applies an entrypoint permission check of its own between the
security context for the cron job process and the security context on
the crontab file to prevent tricking a more trusted cron job process
(e.g. root's cron jobs) from running untrustworthy input. What does ls
-Z /var/spool/cron/ show? In the absence of an explicit user identity
for apache in the SELinux policy, I'd expect the apache crontab to be
labeled <user>:object_r:user_cron_spool_t (the <user> doesn't matter;
could be system_u or user_u or root).
> audit2allow -i /var/log/messages -l
> nothing ...
Yes, it isn't a kernel denial; it is a check by crond.
--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
|
| |
