LinuxLists.cc - [PATCH] Interface to read cron_system_spool

2018-11-16 17:43:28

Subject: [PATCH] Interface to read cron_system_spool_t

Useful for the case that manage isn't requied.

Signed-off-by: Dave Sugar <[email protected]>
---
policy/modules/services/cron.if | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index d40848ab..3278c216 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -706,6 +706,26 @@ interface(`cron_manage_system_spool',`
manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
')

+########################################
+## <summary>
+## Read the system spool.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cron_read_system_spool',`
+ gen_require(`
+ type system_cron_spool_t;
+ ')
+
+ cron_search_spool($1)
+ list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t)
+ read_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
+')
+
########################################
## <summary>
## Read and write crond temporary files.
--
2.19.1

2018-11-18 00:03:10

by Chris PeBenito

[permalink] [raw]

Subject: Re: [PATCH] Interface to read cron_system_spool_t

On 11/16/18 12:43 PM, David Sugar wrote:
> Useful for the case that manage isn't requied.
>
> Signed-off-by: Dave Sugar <[email protected]>
> ---
> policy/modules/services/cron.if | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
>
> diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
> index d40848ab..3278c216 100644
> --- a/policy/modules/services/cron.if
> +++ b/policy/modules/services/cron.if
> @@ -706,6 +706,26 @@ interface(`cron_manage_system_spool',`
> manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
> ')
>
> +########################################
> +## <summary>
> +## Read the system spool.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`cron_read_system_spool',`
> + gen_require(`
> + type system_cron_spool_t;
> + ')
> +
> + cron_search_spool($1)
> + list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t)
> + read_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
> +')
> +
> ########################################
> ## <summary>
> ## Read and write crond temporary files.

Merged.

--
Chris PeBenito