On Monday 22 December 2008 09:13:05 am Alain PORTAL wrote:
> I think that fcron should be the default scheduler in Fedora.
> fcron, with the service fcron_watch_config activated should now be
> 100% compatible with vixie-cron (cronie). The fcron_watch_config stuff
> is a bit convoluted (3 scripts and one C program...) but should work.
>
> The advantages over cronie are the following:
> * it also does what anacron does
> * it has more features
> * instead of waking up every minute to look at config files, like
> cronie does, it uses inotify to watch the config. This should lead to
> less awaking and certainly be interesting for power saving in some
> situations
There are some disadvantages, too.
1) it does not support polyinstantiation - needed for MLS
2) It also does not send audit events based on denying a cron job.
3) Its PAM settings do not support the audit system out of the box.
4) Its default PAM settings need alignment with vixie-cron in general.
It would appear to not have had security reviews like vixie-cron has. In a few
minutes I found what appears to be a potentially serious security problem.
I reported it upstream last week and have had no reply at all. I have not done a
full code review like I would for our cert efforts, so there may be more
problems waiting.
Do you intend to package fcron for EPEL?
You have to be careful switching out core pieces of software that perform a
security-sensitive role. The lack of attacks on most of Fedora is due to
years of review and feedback on code.
-Steve