[DSE-Dev] cron broken in SELinux enforced mode due to system_u login mapping removal
bigon at debian.org
Tue Oct 3 13:31:25 UTC 2017
tag 857662 + patch
On Mon, 13 Mar 2017 21:09:13 +0100 cgzones <cgzones at googlemail.com> wrote:
> with the removal of the SELinux login entry for system_u , cron
> stops working.
> get_security_context  expects a NULL name when called for a system
> But it is called with "system_u" .
> It worked so far cause getseuserbyname  translated the incorrect
> name value "system_u" still to the "system_u" seuser.
> Best regards,
> Christian Göttsche
>  https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L218
>  https://sources.debian.net/src/cron/3.0pl1-128/user.c/?hl=120#L51
The attached patch is a bit more complete. That way cron stop depending
of refpolicy specific identifiers.
I'm thinking about uploading my patch in unstable in the following days
and then in stable
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1566 bytes
Desc: not available
More information about the SELinux-devel