Ask Your Question
0

selinux is blocking my crontab

asked 2017-08-25 01:24:18 -0600

toddandmargo gravatar image

Hi All,

How to I tell SELinux to allow my crontab to operate?

# grep test /etc/crontab
0-59 0-23 * * *  todd notify-send crontab crontest >> "/tmp/$(date)-crontest.txt"

tail -f /var/log/cron
    Aug 24 23:07:01 FedoraServer crond[1335]: (*system*) RELOAD (/etc/crontab)
    Aug 24 23:07:01 FedoraServer crond[1335]: ((null)) Unauthorized SELinux context=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 file_context=system_u:object_r:etc_t:s0 (/etc/crontab)

Many thanks, -T

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-08-25 02:58:30 -0600

villykruse gravatar image

You should rather crate the crontab entry in /var/spool/cron/ instead by using the command crontab -e. The /etc/crontab is these days only used by system provided crontab entries.

edit flag offensive delete link more

Comments

That is a work around, not an answer. Both methods of crontab are suppose to work. But, I need to learn the new way eventually, so now is a good time to start. I have a FC25 server to change over too. (Hopefully, SELinux won't take a shine to the new method.) This is what I get for staying in old-out-of-date (Scientific Linux 7.x) for too long. I appreciate the help. Thank you!

toddandmargo gravatar imagetoddandmargo ( 2017-08-25 19:44:35 -0600 )edit

Actually it is pretty easy. The syntax is the same as /etc/crontab, except the "user name" is the name of the file. The user name files are created by "crontab -e" based on the name of the user that invokes it.

Thank you again!

toddandmargo gravatar imagetoddandmargo ( 2017-08-25 22:08:07 -0600 )edit

/var/spool/cron/ and the crontab -e command has been around from since before the fedora project was created, and for example existed on Red Hat 6.2 (Zoot) from around year 2000. Also crontab -e was standard procedure on Unix SystemV long before the linux project was born. So I don't know about "new".

villykruse gravatar imagevillykruse ( 2017-08-26 00:58:03 -0600 )edit

I guess what is new is that SELinux did not take a shine to /etc/crontab until Fedora 26.

I have Fedora 25 server out there I need to convert (crontab -e) over before upgrading to 26

toddandmargo gravatar imagetoddandmargo ( 2017-08-26 01:06:35 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-08-25 01:24:18 -0600

Seen: 644 times

Last updated: Aug 25 '17