From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 23 Sep 2011 21:11:54 +0200
Subject: [refpolicy] [PATCH 1/1] Cronjobs might create temporary
 directories
In-Reply-To: <20110922184251.GA15227@siphos.be>
References: <20110921192331.GA10041@siphos.be>
	<1316636711.24149.11.camel@x220.mydomain.internal>
	<20110922060405.GA13992@siphos.be>
	<1316678065.374.10.camel@x220.mydomain.internal>
	<20110922184251.GA15227@siphos.be>
Message-ID: <20110923191154.GA31939@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Sep 22, 2011 at 08:42:51PM +0200, Sven Vermeulen wrote:
> If the system_cronjob_t domain is seen more like a "jump board" towards the
> application specific domains, I don't mind creating a makewhatis policy
> module and work from there onwards.

Giving the fact that the policy will probably read and write man_t together
with the usual suspects (_exec, _domtrans), is it okay to suggest a patch for
the miscfiles module? Or would you rather see an independent module?

I don't think I need to offer a _run or _role interface, since transitioning
from sysadm_t wouldn't be necessary. Or is it better to do that anyway?

Wkr,	
	Sven Vermeulen