fixfile.cron added.

Daniel J Walsh dwalsh at redhat.com
Thu Jul 8 18:40:31 UTC 2004


Stephen Smalley wrote:

>On Thu, 2004-07-08 at 13:40, Ivan Gyurdiev wrote:
>  
>
>>I'll report any problems I see with this cron (94).
>>    
>>
>
>Likely need the following rules added to crond.te:
>
>r_dir_file(system_crond_t, file_context_t)
>can_getsecurity(system_crond_t)
>
>  
>
We might want to add a tunable to allow system_crond_t to exec 
setfiles_t.   You can modify the
/etc/selinux/config file and add
CRONTYPE="restore"
CRONMAILTO="dwalsh at redhat.com"

Which would cause setfiles to restore the security contexts when 
fixfiles.cron runs. and send mail to the specified user.

Dan



More information about the selinux mailing list