On Feb 11, 2014, at 11:17 PM, Shawn Wells <[email protected]> wrote: > On 2/11/14, 10:49 PM, Kayse, Josh wrote: >> >> On Feb 7, 2014, at 7:56 PM, Trevor Vaughan <[email protected]> wrote: >> >>> Josh, >>> >>> I haven't seen this happening. >>> >>> Do you happen to have a cron job that is trying to do something with sudo >>> or su? >>> >>> Trevor >>> >> >> Unfortunately I don’t. Could you post your /etc/pam.d/cron file? >> > > $ cat /etc/pam.d/crond > # > # The PAM configuration file for the cron daemon > # > # > # No PAM authentication called, auth modules not needed > account required pam_access.so > account include password-auth > session required pam_loginuid.so > session include password-auth > auth include password-auth > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
I figured out why cron stopped working for me. If you disable the unconfined
module it stops working. So I’ll open a bugzilla for that.
1. semodule -d unconfineduser unconfined
Actual results:
cron stops working with the following log and AVC generated
Feb 14 18:27:01 localhost crond[2673]: (root) FAILED to open PAM security
session (Error in service module)
Feb 14 18:27:01 (null) (null): audit(1392431221.248:729): avc: denied { read
write } for pid=2673 comm=crond name=lastlog ino=666024 dev=sda2
scontext=system_u:system_r:crond_t:s0-s0:c0.c1023
tcontext=system_u:object_r:lastlog_t:s0 tclass=file
Thanks for all the help.
-josh
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
