[DSE-Dev] cron broken in SELinux enforced mode due to system_u login mapping removal

Laurent Bigonville bigon at debian.org
Tue Oct 3 13:31:25 UTC 2017

tag 857662 + patch

On Mon, 13 Mar 2017 21:09:13 +0100 cgzones <cgzones at googlemail.com> wrote:

 > Hi,
 > with the removal of the SELinux login entry for system_u [1], cron
 > stops working.
 > get_security_context [2] expects a NULL name when called for a system 
 > But it is called with "system_u" [2].
 > It worked so far cause getseuserbyname [3] translated the incorrect
 > name value "system_u" still to the "system_u" seuser.
 > Best regards,
 > Christian Göttsche
 > [1] 
 > [2] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L218
 > [3] https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L51

The attached patch is a bit more complete. That way cron stop depending 
of refpolicy specific identifiers.

I'm thinking about uploading my patch in unstable in the following days 
and then in stable


Laurent Bigonville
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 857662.patch
Type: text/x-patch
Size: 1566 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20171003/1d7222c3/attachment.bin>

More information about the SELinux-devel mailing list