fixfile.cron added.
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 8 18:40:31 UTC 2004
Stephen Smalley wrote:
>On Thu, 2004-07-08 at 13:40, Ivan Gyurdiev wrote:
>
>
>>I'll report any problems I see with this cron (94).
>>
>>
>
>Likely need the following rules added to crond.te:
>
>r_dir_file(system_crond_t, file_context_t)
>can_getsecurity(system_crond_t)
>
>
>
We might want to add a tunable to allow system_crond_t to exec
setfiles_t. You can modify the
/etc/selinux/config file and add
CRONTYPE="restore"
CRONMAILTO="dwalsh at redhat.com"
Which would cause setfiles to restore the security contexts when
fixfiles.cron runs. and send mail to the specified user.
Dan
More information about the selinux
mailing list