2014-01-03 19:10:56

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/1] fcron uses a fifo for communication


At start-up with current policy, the following error is shown in the
logs:

test fcron[6722]: fcron[6722] 3.1.2 started
test fcron[6722]: Cannot bind socket to '/var/run/fcron.fifo': Permission denied

Adding in a named file transition on a sock_file (+ manage rights on
that sock_file) resolves this.

Signed-off-by: Sven Vermeulen <[email protected]>
---
cron.te | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/cron.te b/cron.te
index 7de3859..459e125 100644
--- a/cron.te
+++ b/cron.te
@@ -347,6 +347,10 @@ tunable_policy(`allow_polyinstantiation',`

tunable_policy(`fcron_crond',`
allow crond_t { system_cron_spool_t user_cron_spool_t }:file manage_file_perms;
+
+ files_pid_filetrans(crond_t, crond_var_run_t, sock_file, "fcron.fifo")
+
+ manage_sock_files_pattern(crond_t, crond_var_run_t, crond_var_run_t)
')

optional_policy(`
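
Review bot: The files_pid_filetrans() line uses object class sock_file for a file named "fcron.fifo" that the subject calls a fifo, and nothing in the policy says why. The "Cannot bind socket" log line shows the class is right, so a one-line comment above the transition, noting that fcron binds a Unix domain socket at that path despite its name, would keep a later reader from changing it to fifo_file. Both additions also sit inside the tunable_policy(`fcron_crond', ...) block, so the transition and the manage rights apply only when that boolean is enabled. That looks intended, since the socket is fcron-specific, but the commit message should say so.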
--
1.8.3.2