fixfile.cron added.

Stephen Smalley sds at epoch.ncsc.mil
Wed Jul 7 16:29:27 UTC 2004


On Thu, 2004-07-01 at 08:14, Daniel J Walsh wrote:
> Todays policycoreutils has a new cron job, fixfiles.cron, that will run 
> in /etc/cron.daily.   This script will run a check on the file system on 
> a daily basis looking for file contexts in the wrong state.  It will 
> them mail a list of files with the incorrect context to the root account. 
> 
> The following environment variables are set and can be overridden in the 
> /etc/selinux/config directory.
> 
> CRONTYPE="check"  # You could change this to "restore" to have the 
> script automatically clean up
> INVALIDFILE=/var/tmp/badcontext # Name of the file to store the 
> badcontext file list
> CRONMAILTO="root"  # Account to send mail to
> 
> Suggestions on improvements?  Comments?

Has the policy been adjusted to allow this to run?  Is it being run in
system_crond_t (I would assume, given that it is under /etc/cron.daily)
or sysadm_crond_t (should only be applied to /var/spool/cron/root)?

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the selinux mailing list