[DSE-Dev] refpolicy HEAD, Debian, syslogd & setrlimit

Václav Ovsík vaclav.ovsik at i.cz
Wed Dec 5 14:13:24 UTC 2007


audit(1196861341.205:26): avc:  denied  { setrlimit } for  pid=2160 comm="cron" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process

There is a content of /etc/pam.d/cron from my Debian Etch:

    # The PAM configuration file for the cron daemon
    @include common-auth
    auth       required   pam_env.so
    @include common-account
    @include common-session
    # Sets up user limits, please define limits for cron tasks
    # through /etc/security/limits.conf
    session    required   pam_limits.so


has only comment sections.

Can be rlimit allowed or should be solved this in some other way?

More information about the SELinux-devel mailing list