Knowledge Base:Cron fails to load in root crontab with message ENTRYPOINT FAILED

Synopsis
Inside the file the following error message can be found:

Also notice that the root users' crontab is not used.

Environment
This article is applicable on Gentoo Linux systems with a selinux profile:

The user also has  set in the system's USE flags:

Finally, the users' installed cron system is :

Analysis
When wants to execute a users' crontab (including the root user), it first checks the SELinux user owner of the crontab file to make sure that it is safe to execute. But if some user other than root created the root crontab as a regular user (with su or sudo) then the ownership of the file will, SELinux-wise, still be that of the user that created it (most likely ). Hence, cron (well, actually SELinux) refuses to load in the file.

With  set, access from specific domains towards resources (like files) are only allowed if the source context owner is the same as the target, or when   is involved (this domain is exempt from the User Based Access Controls).

Resolution
Verify that the root user file is indeed not owned by the root SELinux user:

Correct the SELinux owner of the file:

Another solution would be to disable user-based access control by setting, but this reduces one of the access controls in place and as thus not recommended.

External resources

 * What is UBAC exactly? in the Gentoo Hardened SELinux FAQ