http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
user_u runs cronjobs as user_t
On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
>
> user_u runs cronjobs as user_t
Fedora-specific.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
>>
>> user_u runs cronjobs as user_t
>
> Fedora-specific.
>
Please justify cronjobs running as something other then the default user
type?
On Wed, 2009-05-27 at 11:28 -0400, Daniel J Walsh wrote:
> On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
> >>
> >> user_u runs cronjobs as user_t
> >
> > Fedora-specific.
> >
> Please justify cronjobs running as something other then the default user
> type?
A cronjob domain makes it possible to have a subset of user privileges
for cron jobs. I understand your reasons for running them in the user
domain, but as we have discussed before, upstream tends to lean towards
the more restrictive side side as it is easy to make the policy looser
(as evidenced by the fairly trivial patch that makes it work the way you
want).
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150