From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 9 Dec 2012 10:44:27 +0100
Subject: [refpolicy] [PATCH 04/11] Initial policy for makewhatis
In-Reply-To: <1355003874.1797.47.camel@localhost>
References: <1355000222-7297-1-git-send-email-sven.vermeulen@siphos.be>
	<1355000222-7297-5-git-send-email-sven.vermeulen@siphos.be>
	<1355003874.1797.47.camel@localhost>
Message-ID: <20121209094426.GA20616@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, Dec 08, 2012 at 10:57:54PM +0100, grift wrote:
[... About makewhatis and logsentry policies ...]
> I would rather have the actual cron script labeled and leave this file
> generic instead since this policy only supports a domain transition from
> crond anyway.

What's the rational behind that? The application is marked as an
application_domain, so regular user domains can execute it. Also, other
policies like tmpreaper, which are also meant to just be triggered through a
cronjob, are setup the same way (i.e. /usr/sbin/tmp{reaper,watch} are marked
as tmpreaper_exec_t).

Wkr,
	Sven Vermeulen