From: guido@trentalancia.com (Guido Trentalancia) Date: Wed, 16 Feb 2011 07:43:40 +0100 Subject: [refpolicy] [PATCH 33/34]: patch to allow audit_control from the cron daemon Message-ID: <1297838620.3205.122.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This patch has been added as needed after recent (> 02022011) changes affecting the cron module. Apparently the cron daemon needs audit_control permissions after such changes have been applied. diff -pruN refpolicy-git-15022011-test/policy/modules/services/cron.te refpolicy-git-15022011-test-new/policy/modules/services/cron.te --- refpolicy-git-15022011-test/policy/modules/services/cron.te 2011-02-16 04:08:34.911921205 +0100 +++ refpolicy-git-15022011-test-new/policy/modules/services/cron.te 2011-02-16 04:10:08.316183308 +0100 @@ -136,7 +136,7 @@ tunable_policy(`fcron_crond', ` # Cron daemon local policy # -allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search }; +allow crond_t self:capability { audit_control dac_override setgid setuid sys_nice dac_read_search }; dontaudit crond_t self:capability { sys_resource sys_tty_config }; allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow crond_t self:process { setexec setfscreate };
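
Review bot: The addition of audit_control to the `allow crond_t self:capability { ... }` line is justified only by "Apparently the cron daemon needs audit_control permissions"; the message quotes no AVC denial and does not name the operation that fails without it. CAP_AUDIT_CONTROL lets a process enable or disable kernel auditing and change audit rules, as well as set the login UID, so please include the denial from the audit log and say which cron code path triggers it. If the need is only to set the login UID for jobs, state that in the description, and check whether the recent cron module changes mentioned in the message dropped or moved a rule that previously covered this, in which case restoring that rule would be preferable to widening the capability set here.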