On Tue, Jan 18, 2011 at 5:46 PM, Luciano Furtado <lrfurtado@yahoo.com.br> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi group,

Why does the context of the crontab spool directory is set to <<none>>
on /etc/selinux/default/contexts/files/file_contexts

/var/spool/cron/crontabs/.* -- <<none>>

In FC12 was the same. No avc But i am using vixie-cron.

Is cron_spool_t the right context for this file ?

Yes

sesearch --allow -s crond_t -t cron_spool_t -c file -p read | more
Found 2 semantic av rules:
allow files_unconfined_type file_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon
quotaon mounton execute_no_trans entrypoint open } ;
allow crond_t cron_spool_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

Regards

Best Regards.
Luciano
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNNcPPAAoJENgwSj9ZOOwrnn8H/3j2IYdio26kI96nYN7CbNaE
Oq0BjWWAsiwxcBMtA8V6ZpWQo4KE7L9+kI3CV/q04Nt2M03f+OV7dQM1OOcoEYqr
t7yBPqTXQL1/2R8gEQu9pfS+b3+9k/buU9ynFT8mFe/ZHXNZwGTzJ6n4aBfwk9X1
xw9J634HmBC5CDsYg9G7kNKCUjSP/Yi392l4yMZxvGwhelvIlzjoxC3b3ulrD+L1
GlrGcFnZpiX9KZBfvlTeIzW1lNuFJAAYUihnW97B5wUbzU0qXcdo6JMUzb2S85Wg
reFoPWk9BRjOaFMqV49Jnc1/JgA4A5sCBE3lzHQmw6gRGwrOTjKSNewTt6J9VXE=
=2h4M
-----END PGP SIGNATURE-----

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux