RHEL-129528

[10.2] avc: denied { write } for comm=crontab name=.cache tclass=dir


    • rhel-security-selinux
    • x86_64

      What were you trying to do that didn't work?

      The Regression/bz600391-cron-and-similar test suite from the selinux-policy test repo failed during the rhel-10 regression run. The cause of the failure is the following AVC:

      type=AVC msg=audit(10/15/2025 23:45:01.964:2883) : avc: denied { write } for pid=108861 comm=crontab name=.cache dev="xvda3" ino=494929580 scontext=user_u:user_r:crontab_t:s0 tcontext=user_u:object_r:cache_home_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(10/15/2025 23:46:25.526:3019) : avc: denied { write } for pid=109531 comm=crontab name=.cache dev="xvda3" ino=176161718 scontext=staff_u:staff_r:crontab_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=dir permissive=0

       

      Test Log :

      https://artifacts.osci.redhat.com/testing-farm/5bc4ced7-3a5d-4933-bac3-738c6b94dddc/

      Additional comment by Milos:

      The ~/.cache/crontab/ directory serves as a location for backup files, but SELinux blocks the directory creation in enforcing mode. I see this behavior as a regular selinux-policy bug.

      What is the impact of this issue to you?

      SELINUX Tier-II test failure.

      Please provide the package NVR for which the bug is seen:

          selinux-policy-42.1.7-1.el10.noarch
          selinux-policy-devel-42.1.7-1.el10.noarch
          selinux-policy-extra-42.1.7-1.el10.noarch
          selinux-policy-mls-42.1.7-1.el10.noarch
          selinux-policy-mls-extra-42.1.7-1.el10.noarch
          selinux-policy-targeted-42.1.7-1.el10.noarch

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Execute the selinux-policy: /Regression/bz600391-cron-and-similar test suite using 1minutetip or testing farm. You will see the AVC messages in the test log.
      2. Testing farm command to be executed :

      $ testing-farm request --context "distro=rhel-10.2 arch=x86_64" --git-url https://gitlab.com/redhat/rhel/tests/selinux-policy.git --compose RHEL-10.2-Nightly --git-ref master --arch x86_64 --plan /plans/tier2-first-set --test /Regression/bz600391-cron-and-similar

       

      Expected results

      NO AVCs found.

       

              rhn-support-zpytela Zdenek Pytela
              apeetham@redhat.com Amith Kumar Peethambaran
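A triage sketch for the denials quoted in this report, added here as an example and not part of the ticket or of the selinux-policy project: it parses AVC records, groups them by source type, target type and object class, and prints the raw denied access in audit2allow style. The function names are hypothetical, the third log line is constructed, and the printed rule only states what was denied; it is not the fix chosen for this bug.

```python
import re
from collections import defaultdict

# The two AVC records from this report plus one constructed non-AVC line.
SAMPLE_LOG = """\
type=AVC msg=audit(10/15/2025 23:45:01.964:2883) : avc: denied { write } for pid=108861 comm=crontab name=.cache dev="xvda3" ino=494929580 scontext=user_u:user_r:crontab_t:s0 tcontext=user_u:object_r:cache_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(10/15/2025 23:46:25.526:3019) : avc: denied { write } for pid=109531 comm=crontab name=.cache dev="xvda3" ino=176161718 scontext=staff_u:staff_r:crontab_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(10/15/2025 23:46:25.526:3019) : arch=x86_64 syscall=mkdir success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    # user:role:type:level; the MLS level may itself contain ':' (s0-s0:c0.c1023).
    parts = ctx.split(":", 3)
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = m.group("perms").split()
    fields["stype"] = context_type(fields["scontext"])
    fields["ttype"] = context_type(fields["tcontext"])
    return fields if fields["stype"] and fields["ttype"] else None

def summarize(log):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "users": set(), "enforced": False})
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["users"].add(rec["scontext"].split(":")[0])
        g["enforced"] |= rec.get("permissive") == "0"  # 0 = actually blocked
    return dict(groups)

def as_rules(groups):
    """Render each group as the access that was denied (audit2allow style)."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]
```

Both records collapse into a single group: the `user_u` and `staff_u` denials differ only in SELinux user and MLS range, so they are one missing access for `crontab_t` on `cache_home_t` directories.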