[selinux-policy: 500/3172] more fixes for targeted
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:47:51 UTC 2010
commit ec848d247f563b01bb7338b2ef8a00c00c67c0bc
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jul 19 19:37:43 2005 +0000
more fixes for targeted
refpolicy/policy/modules/services/cron.fc | 4 ++--
refpolicy/policy/modules/services/cron.te | 6 ++----
2 files changed, 4 insertions(+), 6 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/cron.fc b/refpolicy/policy/modules/services/cron.fc
index a9e2714..04937cf 100644
--- a/refpolicy/policy/modules/services/cron.fc
+++ b/refpolicy/policy/modules/services/cron.fc
@@ -23,13 +23,13 @@
/var/spool/at/[^/]* -- <<none>>
/var/spool/cron -d context_template(system_u:object_r:cron_spool_t,s0)
-/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
/var/spool/cron/[^/]* -- <<none>>
/var/spool/cron/crontabs -d context_template(system_u:object_r:cron_spool_t,s0)
/var/spool/cron/crontabs/.* -- <<none>>
-/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
/var/spool/fcron -d context_template(system_u:object_r:cron_spool_t,s0)
/var/spool/fcron/.* <<none>>
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index d3fbbae..377808f 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -127,10 +127,8 @@ ifdef(`distro_redhat', `
')
')
-ifdef(`targeted_policy', `
- term_dontaudit_use_unallocated_tty(crond_t)
- term_dontaudit_use_generic_pty(crond_t)
- files_dontaudit_read_root_file(crond_t)
+ifdef(`targeted_policy',`
+ unconfined_domain_template(crond_t)
')
tunable_policy(`fcron_crond', `
More information about the scm-commits
mailing list