Bug 132699

Summary: cron: please enable SELinux support
Product: [openSUSE] SUSE Linux 10.1 Reporter: Thomas Bleher <bleher>
Component: BasesystemAssignee: Mads Martin Joergensen <mmj>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Enhancement    
Priority: P5 - None    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Bleher 2005-11-08 13:03:56 UTC 
Please enable SELinux support in cron. The code is already there, it is just not compiled in. I have cron running (4.1-26 from 10.0, but according to the changelog there should be no difference) with the following patch to enable it.

diff -uNr cron-4.1-26.src.rpm/cron.spec cron-4.1-26selinux1.src.rpm/cron.spec
--- cron-4.1-26.src.rpm/cron.spec       2005-09-09 18:30:15.000000000 +0200
+++ cron-4.1-26selinux1.src.rpm/cron.spec       2005-10-19 23:26:16.000000000 +0200
@@ -73,7 +73,7 @@
 %patch11 -p1

 %build
-make DEFS="$RPM_OPT_FLAGS -Wno-comment -fpie" LDFLAGS="-pie"
+make DEFS="$RPM_OPT_FLAGS -Wno-comment -fpie -DWITH_SELINUX" LDFLAGS="-pie"

 %install
 install -d $RPM_BUILD_ROOT/usr/{bin,sbin}
diff -uNr cron-4.1-26.src.rpm/vixie-cron-4.1-pam.diff cron-4.1-26selinux1.src.rpm/vixie-cron-4.1-pam.diff
--- cron-4.1-26.src.rpm/vixie-cron-4.1-pam.diff 2005-08-25 13:54:54.000000000 +0200
+++ cron-4.1-26selinux1.src.rpm/vixie-cron-4.1-pam.diff 2005-10-19 23:25:46.000000000 +0200
@@ -163,7 +163,7 @@
  #INCLUDE      =
  #<<need getopt()>>
 -LIBS          =       -lselinux
-+LIBS          =       -lpam -lpam_misc
++LIBS          =       -lselinux -lpam -lpam_misc
  #<<optimize or debug?>>
  #CDEBUG               =       -O
  CDEBUG                =       -O2 -pipe
@@ -172,7 +172,7 @@
  CC            =       gcc -Wall -Wno-unused -Wno-comment
  #<<manifest defines>>
 -DEFS          =       -DWITH_SELINUX
-+DEFS          =       -DWITH_PAM
++DEFS          =       -DWITH_PAM -DWITH_SELINUX
  #(SGI IRIX systems need this)
  #DEFS         =       -D_BSD_SIGNALS -Dconst=
  #<<the name of the BSD-like install program>>
Comment 1 Mads Martin Joergensen 2005-11-08 14:03:40 UTC 
We've had segfaults and cron crashing in the past due to SELinux support,
and since cron is way too important to risk anything like this, it's not going
to happen for now.
Comment 2 Thomas Bleher 2005-11-08 16:54:22 UTC 
Hmm, can you give some details so maybe someone can track it down?
I saw bug #45611 mentioned in the changelogs, but unfortunately it's closed for me so I can't view the information there.
The patch has been in Fedora for a long time, so it should be pretty well tested (assuming the different patches on top of cron don't interfere); looking at the Fedora changelog, they fixed a segfault in cron in March 2005, maybe this also bit the SUSE version.