fixfile.cron added.
Stephen Smalley
sds at epoch.ncsc.mil
Wed Jul 7 16:29:27 UTC 2004
On Thu, 2004-07-01 at 08:14, Daniel J Walsh wrote:
> Todays policycoreutils has a new cron job, fixfiles.cron, that will run
> in /etc/cron.daily. This script will run a check on the file system on
> a daily basis looking for file contexts in the wrong state. It will
> them mail a list of files with the incorrect context to the root account.
>
> The following environment variables are set and can be overridden in the
> /etc/selinux/config directory.
>
> CRONTYPE="check" # You could change this to "restore" to have the
> script automatically clean up
> INVALIDFILE=/var/tmp/badcontext # Name of the file to store the
> badcontext file list
> CRONMAILTO="root" # Account to send mail to
>
> Suggestions on improvements? Comments?
Has the policy been adjusted to allow this to run? Is it being run in
system_crond_t (I would assume, given that it is under /etc/cron.daily)
or sysadm_crond_t (should only be applied to /var/spool/cron/root)?
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list