This patch has been added as needed after recent (> 02022011) changes
affecting the cron module.
diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.if refpolicy-git-15022011-new-modified/policy/modules/services/cron.if
--- refpolicy-git-15022011-test-apply/policy/modules/services/cron.if 2011-01-08 19:07:21.234740092 +0100
+++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.if 2011-02-15 23:47:45.242997169 +0100
@@ -523,6 +523,24 @@ interface(`cron_use_system_job_fds',`
########################################
## <summary>
+## Manage a system cron job key.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cron_manage_system_job_key',`
+ gen_require(`
+ type system_cronjob_t;
+ ')
+
+ allow $1 system_cronjob_t:key manage_key_perms;
+')
+
+########################################
+## <summary>
## Write a system cron job unnamed pipe.
## </summary>
## <param name="domain">
diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.te refpolicy-git-15022011-new-modified/policy/modules/services/cron.te
--- refpolicy-git-15022011-test-apply/policy/modules/services/cron.te 2011-01-08 19:07:21.234740092 +0100
+++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.te 2011-02-15 23:53:14.772478379 +0100
@@ -203,6 +203,8 @@ files_list_usr(crond_t)
files_search_var_lib(crond_t)
files_search_default(crond_t)
+cron_manage_system_job_key(crond_t)
+
init_rw_utmp(crond_t)
init_spec_domtrans_script(crond_t)
Hello !
The three patches for cron ([30/34], [33/34] and [34/34]) should be just
dropped.
I realised that no changes have been made to the cron module recently, I
am not using a very generic cron version and I have not had enough time
to check this more carefully.
It might even be due in part to a local cron misconfiguration.
So, please just do not consider the above mentioned three patches for
cron.
Thanks very much.
Guido
On Wed, 16/02/2011 at 07.36 +0100, Guido Trentalancia wrote:
> This patch has been added as needed after recent (> 02022011) changes
> affecting the cron module.
>
> diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.if refpolicy-git-15022011-new-modified/policy/modules/services/cron.if
> --- refpolicy-git-15022011-test-apply/policy/modules/services/cron.if 2011-01-08 19:07:21.234740092 +0100
> +++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.if 2011-02-15 23:47:45.242997169 +0100
> @@ -523,6 +523,24 @@ interface(`cron_use_system_job_fds',`
>
> ########################################
> ## <summary>
> +## Manage a system cron job key.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`cron_manage_system_job_key',`
> + gen_require(`
> + type system_cronjob_t;
> + ')
> +
> + allow $1 system_cronjob_t:key manage_key_perms;
> +')
> +
> +########################################
> +## <summary>
> ## Write a system cron job unnamed pipe.
> ## </summary>
> ## <param name="domain">
> diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.te refpolicy-git-15022011-new-modified/policy/modules/services/cron.te
> --- refpolicy-git-15022011-test-apply/policy/modules/services/cron.te 2011-01-08 19:07:21.234740092 +0100
> +++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.te 2011-02-15 23:53:14.772478379 +0100
> @@ -203,6 +203,8 @@ files_list_usr(crond_t)
> files_search_var_lib(crond_t)
> files_search_default(crond_t)
>
> +cron_manage_system_job_key(crond_t)
> +
> init_rw_utmp(crond_t)
> init_spec_domtrans_script(crond_t)
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>