Right context for /var/spool/cron/crontabs/root

yersinia yersinia.spiros at gmail.com
Tue Jan 18 17:40:49 UTC 2011


On Tue, Jan 18, 2011 at 5:46 PM, Luciano Furtado <lrfurtado at yahoo.com.br> wrote:

> Hi group,
>
> Why is the context of the crontab spool directory set to <<none>>
> in /etc/selinux/default/contexts/files/file_contexts?
>
> /var/spool/cron/crontabs/.*     --      <<none>>
>
In FC12 it was the same. No AVC, but I am using vixie-cron.

>
> Is cron_spool_t the right context for this file?
>
Yes

sesearch --allow -s crond_t -t cron_spool_t -c file -p read | more
Found 2 semantic av rules:
   allow files_unconfined_type file_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint open } ;
   allow crond_t cron_spool_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

Regards


>
>
> Best Regards.
> Luciano
>
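
An added example, not part of either poster's message: a small Python parser for the `sesearch` output quoted in the reply, which undoes the mail line wrapping and checks what the rule written directly for `crond_t` on `cron_spool_t` files grants. The function names are hypothetical; the sample input is the output shown in the reply.

```python
import re

# sesearch output copied from the reply, with the mail client's line
# wrapping left in place so the parser has to cope with it.
SESEARCH_OUTPUT = """\
Found 2 semantic av rules:
   allow files_unconfined_type file_type : file { ioctl read write create
getattr setattr lock relabelfrom relabelto append unlink link rename execute
swapon
quotaon mounton execute_no_trans entrypoint open } ;
   allow crond_t cron_spool_t : file { ioctl read write create getattr
setattr lock append unlink link rename open } ;
"""

# One rule: allow <source> <target> : <class> { perm ... } ;
# A rule with a single permission may omit the braces.
RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;"
)

def parse_allow_rules(text):
    """Map (source, target, class) -> set of permissions."""
    rules = {}
    flat = " ".join(text.split())  # a rule ends at ';', not at a newline
    for src, tgt, cls, braced, single in RULE_RE.findall(flat):
        perms = set((braced or single).split())
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules

def missing_perms(rules, src, tgt, cls, wanted):
    """Permissions in `wanted` not granted by a rule naming exactly
    (src, tgt, cls). Rules written for other names are not consulted."""
    return set(wanted) - rules.get((src, tgt, cls), set())

if __name__ == "__main__":
    rules = parse_allow_rules(SESEARCH_OUTPUT)
    key = ("crond_t", "cron_spool_t", "file")
    print("granted:", " ".join(sorted(rules[key])))
    print("missing for reading a crontab:",
          missing_perms(rules, *key, ["getattr", "open", "read"]) or "none")
    print("missing for relabeling:",
          missing_perms(rules, *key, ["relabelfrom", "relabelto"]))
```
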