2011-02-16 06:45:02

by Guido Trentalancia

Subject: [refpolicy] [PATCH 34/34]: patch to allow the cron daemon to manage sysadm keys

This patch has been added as needed after recent (> 02022011) changes
affecting the cron module. Apparently the cron daemon needs to manage
sysadm_t keys after such changes have been applied.

diff -pruN refpolicy-git-15022011-test/policy/modules/roles/sysadm.if refpolicy-git-15022011-test-new/policy/modules/roles/sysadm.if
--- refpolicy-git-15022011-test/policy/modules/roles/sysadm.if 2011-01-08 19:07:21.214736932 +0100
+++ refpolicy-git-15022011-test-new/policy/modules/roles/sysadm.if 2011-02-16 04:17:41.524236287 +0100
@@ -221,6 +221,24 @@ interface(`sysadm_use_fds',`

########################################
## <summary>
+## Manage sysadm key.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sysadm_manage_key',`
+ gen_require(`
+ type sysadm_t;
+ ')
+
+ allow $1 sysadm_t:key manage_key_perms;
+')
+
+########################################
+## <summary>
## Read and write sysadm user unnamed pipes.
## </summary>
## <param name="domain">
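Review bot: `allow $1 sysadm_t:key manage_key_perms;` in the new `sysadm_manage_key` interface grants the whole manage set on sysadm_t keys, while the description only says the cron daemon "apparently" needs it. Please include the AVC denial that prompted this, so the grant can be narrowed to the key permissions crond_t was actually denied. If only a subset is needed, a narrower interface would be preferable to a manage one. The summary "Manage sysadm key." could also state that it covers keys labeled sysadm_t.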
Binary files refpolicy-git-15022011-test/policy/modules/services/.cron.if.swp and refpolicy-git-15022011-test-new/policy/modules/services/.cron.if.swp differ
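Review bot: the "Binary files ... .cron.if.swp ... differ" line shows that an editor swap file for cron.if was present in the tree when the diff was generated. Please remove the swap file and regenerate the patch (or exclude such files from the diff) so the submission contains only the sysadm.if and cron.te changes, and confirm that no edit to cron.if was intended as part of this patch.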
diff -pruN refpolicy-git-15022011-test/policy/modules/services/cron.te refpolicy-git-15022011-test-new/policy/modules/services/cron.te
--- refpolicy-git-15022011-test/policy/modules/services/cron.te 2011-02-16 04:13:46.685864393 +0100
+++ refpolicy-git-15022011-test-new/policy/modules/services/cron.te 2011-02-16 04:18:49.415329553 +0100
@@ -216,6 +216,8 @@ seutil_read_config(crond_t)
seutil_read_default_contexts(crond_t)
seutil_sigchld_newrole(crond_t)

+sysadm_manage_key(crond_t)
+
miscfiles_read_localization(crond_t)

userdom_use_unpriv_users_fds(crond_t)
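Review bot: `sysadm_manage_key(crond_t)` is added to cron.te unconditionally and with no comment, placed between the seutil_ calls and `miscfiles_read_localization(crond_t)`. A short comment saying which cron operation needs access to sysadm_t keys would help later readers judge whether the rule is still required. If the sysadm module can be left out of a build, the call should be wrapped in an optional_policy block rather than sitting with the unconditional calls.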