On Thu, 2004-07-01 at 08:14, Daniel J Walsh wrote:
Todays policycoreutils has a new cron job, fixfiles.cron, that will
run
in /etc/cron.daily. This script will run a check on the file system on
a daily basis looking for file contexts in the wrong state. It will
them mail a list of files with the incorrect context to the root account.
The following environment variables are set and can be overridden in the
/etc/selinux/config directory.
CRONTYPE="check" # You could change this to "restore" to have the
script automatically clean up
INVALIDFILE=/var/tmp/badcontext # Name of the file to store the
badcontext file list
CRONMAILTO="root" # Account to send mail to
Suggestions on improvements? Comments?
Has the policy been adjusted to allow this to run? Is it being run in
system_crond_t (I would assume, given that it is under /etc/cron.daily)
or sysadm_crond_t (should only be applied to /var/spool/cron/root)?
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency