Here's the situation:
Upgraded Fedora Core 6 to Fedora 7, then Fedora 8 in rapid succession. I don't know if this problem came into being when going 6->7 or 7->8.
SELinux is in enforcing mode.
Cron is running the contents of crontab just fine for my regular user and my database user (which does database dumps to files). Cron is NOT running root jobs in the crontab, which is making me crazy! I CAN run these jobs when I log in and su to root and then run them manually.
If I edit the crontab as root, here's what pops up in the /var/log/cron log about a minute later.
Nov 23 12:02:01 machinename crond: (root) Unauthorized SELinux context (cron/root)
If I put SELinux in disabled mode, it runs the root cron jobs just fine.
I can't figure out two things:
What to change the context on with chcon, and what to change the context to to let Cron run for root.
In /var/spool/cron we have:
[root@machinename cron]# ls --context
-rw------- myusername root system_u:object_r:unconfined_cron_spool_t myusername
-rw------- postgres root user_u:object_r:cron_spool_t postgres
-rw------- root root system_u:object_r:unconfined_cron_spool_t root
In /usr/sbin we have:
[root@machinename sbin]# ls --context crond
-rwxr-xr-x root root system_u:object_r:crond_exec_t crond
I want the benefits of SELinux so I'm looking for something appropriate to allow the root Cron to work the same as myusername's Cron and postgres's Cron.
The maddening thing is that there's definitely a one-line command to make this right, but I'm not looking to turn off SELinux, and I think that the command that will take care of this problem will probably teach me something useful for the future.