From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 27 May 2009 08:56:57 -0400
Subject: [refpolicy] staff_t runs cronjobs as cronjob_t instead of
 staff_t in Fedora 11
In-Reply-To: <1242936317.3383.4.camel@notebook2.grift.internal>
References: <1242936317.3383.4.camel@notebook2.grift.internal>
Message-ID: <1243429020.5421.1.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-05-21 at 22:05 +0200, Dominick Grift wrote:
> I am not sure if this issue can be reproduced on non Redhat distros but
> here in Fedora 11 cronjobs by staff_t get executed in the cronjob_t
> domain.
> 
> This is not very handy because if staff_t wants to back up his home
> directory for example, then cronjob_t cannot access it.
> 
> I am wondering why it runs as cronjob_t?

Running in cronjob_t is expected.  However it has permissions to manage
user home dir content, so I'd only expect denials if the seuser didn't
match.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150