OK, I'm going to call this fixed and do a quick summary here of the solution.
The initial problem was that I was seeing error messages in /var/log/cron and in my logwatch files of the form
Code: Select all
Mar 3 08:30:01 dunwellguitar3 crond[8463]: (root) NULL security context for user, but SELinux in permissive mode, continuing ()
Mar 3 08:30:01 dunwellguitar3 CROND[8468]: (root) CMD (/usr/local/solar-web_monitor/cgi-bin/fronius_daily_logger.pl)
This was as a result of the cron job /var/spool/cron/root running. There were four individual lines there running a bash shell script and various perl scripts and all of them threw the error when run.
The problem turned out to be related to the fact that the root cron file had been brought over whole-cloth from my CentOS5 server and just plopped in /var/spool/cron. So although they ran because of SEL being in permissive mode they threw the mysterious error message.
The Solution turned out to be to edit the root file but
NOT directly with vi or nano but rather with the "crontab -e" command. This opens the root file and allow editing but also does an update of crontab on exit/save. Further, I forced all the lines in the root file to seem to have been changed by adding/deleting a letter in each line.
NOTE: This modification of each line may or may not have been necessary, I report it in case it is important but I suspect that the crontab -e type edit is the critical issue.
Once this change was done with crontab -e the error messages went away completely.
The SELinux labels now look like
Code: Select all
126 dunwellguitar3:/var/spool/cron
> ls -laZ
drwx------. root root system_u:object_r:user_cron_spool_t:s0 ./
drwxr-xr-x. root root system_u:object_r:var_spool_t:s0 ../
-rw-------. root root unconfined_u:object_r:user_cron_spool_t:s0 root
WARNING:
Be aware that direct change of the crontab as root with commands of the form
Code: Select all
echo "* * * * * echo 'HELLO' >> /root/log" > cronjob
cat cronjob | crontab
crontab -l # you should see the cron job printed.
rm -f cronjob
will
destroy the current /var/spool/cron/root file! Be sure to make a backup copy of the file if you choose to use this type of modification.
[Note:]
It may be that my current file tree structure for cron is wrong. I have it as /var/spool/cron/root. I have seen in some online documents that perhaps it should be /var/spool/cron/crontab/root and other usernames at that lower level. This may only be in some other nixes than CentOS though, not sure.
What is still
NOT understood is exactly why it was throwing the message and why that particular non-informative and seemingly unrelated message.
I want to thank all the folks that chimed in here with help and in particular aks who's perseverance was admirable
This forum is a standard to which other fora only wish to rise. Kudos to all.
Alan D.