Package: cron Version: 3.0pl1-128+b1 User: selinux-de...@lists.alioth.debian.org Usertags: selinux
Hi, with the removal of the SELinux login entry for system_u [1], cron stops working. get_security_context [2] expects a NULL name when called for a system cronjob. But it is called with "system_u" [2]. It worked so far cause getseuserbyname [3] translated the incorrect name value "system_u" still to the "system_u" seuser. Best regards, Christian Göttsche [1] https://github.com/TresysTechnology/refpolicy/commit/79f31a04739dad7c7369616cd7c666a57c365511 [2] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L218 [3] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L51 --- user.c 2017-03-13 21:06:52.638905763 +0100 +++ user.c.fixed 2017-03-13 21:07:48.654110814 +0100 @@ -215,7 +215,7 @@ if (is_selinux_enabled() > 0) { char *sname=uname; if (pw==NULL) { - sname="system_u"; + sname=NULL; } if (get_security_context(sname, crontab_fd, &u->scontext, tabname) != 0 ) {