From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 13 May 2010 13:22:04 -0400
Subject: [refpolicy] Might be a bug in crond_system_entry
In-Reply-To: <4BEC226B.3040505@redhat.com>
References: <4BEC226B.3040505@redhat.com>
Message-ID: <1273771324.738.56.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2010-05-13 at 12:01 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> interface(`cron_system_entry',`
>     gen_require(`
>         type crond_t, system_cronjob_t;
>     ')
>
>     domtrans_pattern(system_cronjob_t, $2, $1)
>     domtrans_pattern(crond_t, $2, $1)
>

This line is questionable. Might have even been added by me. I believe
the intention is to handle the case where someone puts the command
directly into the /etc/crontab, rather than in /etc/cron.*/

eg, in /etc/crontab:

0 * * * * root /usr/bin/my_entrypoint

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com