selinux is blocking my crontab

asked 2017-08-25

toddandmargo

Hi All,

How to I tell SELinux to allow my crontab to operate?

# grep test /etc/crontab
0-59 0-23 * * *  todd notify-send crontab crontest >> "/tmp/$(date)-crontest.txt"

tail -f /var/log/cron
    Aug 24 23:07:01 FedoraServer crond[1335]: (*system*) RELOAD (/etc/crontab)
    Aug 24 23:07:01 FedoraServer crond[1335]: ((null)) Unauthorized SELinux context=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 file_context=system_u:object_r:etc_t:s0 (/etc/crontab)

Many thanks, -T

1 Answer

answered 2017-08-25

villykruse

You should rather crate the crontab entry in /var/spool/cron/ instead by using the command crontab -e. The /etc/crontab is these days only used by system provided crontab entries.

That is a work around, not an answer. Both methods of crontab are suppose to work. But, I need to learn the new way eventually, so now is a good time to start. I have a FC25 server to change over too. (Hopefully, SELinux won't take a shine to the new method.) This is what I get for staying in old-out-of-date (Scientific Linux 7.x) for too long. I appreciate the help. Thank you!

toddandmargo ( 2017-08-25 )

Actually it is pretty easy. The syntax is the same as /etc/crontab, except the "user name" is the name of the file. The user name files are created by "crontab -e" based on the name of the user that invokes it.

Thank you again!

toddandmargo ( 2017-08-25 )

/var/spool/cron/ and the crontab -e command has been around from since before the fedora project was created, and for example existed on Red Hat 6.2 (Zoot) from around year 2000. Also crontab -e was standard procedure on Unix SystemV long before the linux project was born. So I don't know about "new".

villykruse ( 2017-08-26 )

I guess what is new is that SELinux did not take a shine to /etc/crontab until Fedora 26.

I have Fedora 25 server out there I need to convert (crontab -e) over before upgrading to 26

toddandmargo ( 2017-08-26 )

Asked: 2017-08-25

Seen: 911 times

Last updated: Aug 25 '17