Bug 132699 - cron: please enable SELinux support
Summary: cron: please enable SELinux support
Status: RESOLVED WONTFIX
Alias: None
Product: SUSE Linux 10.1
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Enhancement (vote)
Target Milestone: ---
Assignee: Mads Martin Joergensen
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-08 13:03 UTC by Thomas Bleher
Modified: 2005-11-08 16:54 UTC (History)
0 users

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Bleher 2005-11-08 13:03:56 UTC 
Please enable SELinux support in cron. The code is already there, it is just not compiled in. I have cron running (4.1-26 from 10.0, but according to the changelog there should be no difference) with the following patch to enable it.

diff -uNr cron-4.1-26.src.rpm/cron.spec cron-4.1-26selinux1.src.rpm/cron.spec
--- cron-4.1-26.src.rpm/cron.spec       2005-09-09 18:30:15.000000000 +0200
+++ cron-4.1-26selinux1.src.rpm/cron.spec       2005-10-19 23:26:16.000000000 +0200
@@ -73,7 +73,7 @@
 %patch11 -p1

 %build
-make DEFS="$RPM_OPT_FLAGS -Wno-comment -fpie" LDFLAGS="-pie"
+make DEFS="$RPM_OPT_FLAGS -Wno-comment -fpie -DWITH_SELINUX" LDFLAGS="-pie"

 %install
 install -d $RPM_BUILD_ROOT/usr/{bin,sbin}
diff -uNr cron-4.1-26.src.rpm/vixie-cron-4.1-pam.diff cron-4.1-26selinux1.src.rpm/vixie-cron-4.1-pam.diff
--- cron-4.1-26.src.rpm/vixie-cron-4.1-pam.diff 2005-08-25 13:54:54.000000000 +0200
+++ cron-4.1-26selinux1.src.rpm/vixie-cron-4.1-pam.diff 2005-10-19 23:25:46.000000000 +0200
@@ -163,7 +163,7 @@
  #INCLUDE      =
  #<<need getopt()>>
 -LIBS          =       -lselinux
-+LIBS          =       -lpam -lpam_misc
++LIBS          =       -lselinux -lpam -lpam_misc
  #<<optimize or debug?>>
  #CDEBUG               =       -O
  CDEBUG                =       -O2 -pipe
@@ -172,7 +172,7 @@
  CC            =       gcc -Wall -Wno-unused -Wno-comment
  #<<manifest defines>>
 -DEFS          =       -DWITH_SELINUX
-+DEFS          =       -DWITH_PAM
++DEFS          =       -DWITH_PAM -DWITH_SELINUX
  #(SGI IRIX systems need this)
  #DEFS         =       -D_BSD_SIGNALS -Dconst=
  #<<the name of the BSD-like install program>>
Comment 1 Mads Martin Joergensen 2005-11-08 14:03:40 UTC 
We've had segfaults and cron crashing in the past due to SELinux support,
and since cron is way too important to risk anything like this, it's not going
to happen for now.
Comment 2 Thomas Bleher 2005-11-08 16:54:22 UTC 
Hmm, can you give some details so maybe someone can track it down?
I saw bug #45611 mentioned in the changelogs, but unfortunately it's closed for me so I can't view the information there.
The patch has been in Fedora for a long time, so it should be pretty well tested (assuming the different patches on top of cron don't interfere); looking at the Fedora changelog, they fixed a segfault in cron in March 2005, maybe this also bit the SUSE version.