Stephen Smalley wrote:
On Thu, 2004-07-08 at 13:40, Ivan Gyurdiev wrote:
>I'll report any problems I see with this cron (94).
>
>
Likely need the following rules added to crond.te:
r_dir_file(system_crond_t, file_context_t)
can_getsecurity(system_crond_t)
We might want to add a tunable to allow system_crond_t to exec
setfiles_t. You can modify the
/etc/selinux/config file and add
CRONTYPE="restore"
CRONMAILTO="dwalsh(a)redhat.com"
Which would cause setfiles to restore the security contexts when
fixfiles.cron runs. and send mail to the specified user.
Dan