This patch has been added as needed after recent (> 02022011) changes
affecting the cron module. Apparently the cron daemon needs
audit_control permissions after such changes have been applied.
diff -pruN refpolicy-git-15022011-test/policy/modules/services/cron.te refpolicy-git-15022011-test-new/policy/modules/services/cron.te
--- refpolicy-git-15022011-test/policy/modules/services/cron.te 2011-02-16 04:08:34.911921205 +0100
+++ refpolicy-git-15022011-test-new/policy/modules/services/cron.te 2011-02-16 04:10:08.316183308 +0100
@@ -136,7 +136,7 @@ tunable_policy(`fcron_crond', `
# Cron daemon local policy
#
-allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search };
+allow crond_t self:capability { audit_control dac_override setgid setuid sys_nice dac_read_search };
dontaudit crond_t self:capability { sys_resource sys_tty_config };
allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow crond_t self:process { setexec setfscreate };