On one of my CentOS 6 systems I get the following email every day:
Subject: Anacron job 'cron.daily' on localhost.localdomain
Body:
/etc/cron.daily/mlocate.cron:

/usr/bin/updatedb: can not open `/etc/updatedb.conf': Permission denied

I looked it up and every site I looked at said basically the same thing. You do an ls -lZ on /etc/updatedb.conf and it will look like this:
-rw-r--r--. root root system_u:object_r:etc_t:s0 /etc/updatedb.conf
when it should look like this:
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 /etc/updatedb.conf
To fix it, run restorecon -RFv /etc or restorecon -Fv /etc/updatedb.conf
I tried both. restorecon doesn't report any error (even when I run it with -vv), but the permissions(?) didn't change. When I searched for restorecon failures but found nothing relevant.

Any ideas on why this is happening?

Thanks,
Gregg

I'd hesitate to call you a newbie...

Have you tried matchpathcon -V to check that the default context for the file is as you think it is?

1 members found this post helpful.

Those are the correct permissions and SELinux context for /etc/updatedb.conf in CentOS 6. What sites are telling you otherwise?

Are you seeing SELinux denials logged for this?

1 members found this post helpful.

Thanks hydrurga! I've been in the industry for 25 years, but I started on DOS and have worked on Windows NT since its inception, but when it comes to Linux I'm still just getting my feet wet. :)

I'm feeling quite stupid right now. matchpathcon set me straight! I was looking at this sight and misinterpreted it: https://www.centos.org/forums/viewtopic.php?t=5249
I then compared the CentOS 6 system in question with another, and managed to toggle it there as well. The system reporting the error had unconfined_u:... The system working correctly had system_u:... I've now set the failing system's permissions to system_u:... I'll know for certain tomorrow but I believe I now have it fixed.

Great. Good luck, and let us know either way.

No more emails! Thanks guys.