author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-12-09 23:18:12 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-12-09 23:25:28 +0100 |
commit | 6781a229103f86614de39d4e0eb302f58740ce36 (patch) | |
tree | 7966fac534bf96edcf00878abe4f18fb533515a4 /policy/modules/contrib/cron.fc | |
parent | Introducing openrc module (diff) | |
Move out at code from cron

This is a first attempt to move out the at code from the cron domain towards its
own domain. The services cron and at are different in how they act, plus that
atd is not SELinux-aware, so I think we cannot use the default_contexts approach.
Also, at interprets the job files but doesn't execute them (it spawns a shell that
reads in the file and executes the content).

Still a lot of work, but it is fun to see how all this interacts...

What I will *not* do is extend atd_t (or if I move to an atd_userjob_t) with
more privileges.
Diffstat (limited to 'policy/modules/contrib/cron.fc')
-rw-r--r-- | policy/modules/contrib/cron.fc | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index a7bfe6df..552de9cb 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc @@ -1,13 +1,9 @@ -/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0) - /etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) /etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0) -/usr/bin/at -- gen_context(system_u:object_r:crontab_exec_t,s0) /usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) /usr/sbin/anacron -- gen_context(system_u:object_r:anacron_exec_t,s0) -/usr/sbin/atd -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/sbin/cron(d)? -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/sbin/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) @@ -18,7 +14,6 @@ /var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0) /var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/crond?\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) @@ -26,8 +21,6 @@ /var/run/.*cron.* -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) -/var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0) -/var/spool/at/atspool(/.*)? gen_context(system_u:object_r:user_cron_spool_log_t,s0) /var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0) #/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) |
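Review bot: In the first hunk (@@ -1,13 +1,9 @@), the removed entries for `/etc/rc\.d/init\.d/atd`, `/usr/bin/at` and `/usr/sbin/atd` have no replacement visible in this view, which is limited to cron.fc, so confirm that the new at module's file contexts label all three paths in this same commit. If `/usr/sbin/atd` ends up without an entrypoint type of its own, a relabel would give it the generic label for its directory and the daemon would no longer transition into a confined domain at start-up. The init script entry is the easiest of the three to forget, since it carried crond_initrc_exec_t rather than an at-specific type.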
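Review bot: In the second hunk (@@ -18,7 +14,6 @@), dropping `/var/run/atd\.pid` leaves the pid file uncovered by this file, because the remaining catch-all `/var/run/.*cron.*` does not match `atd.pid`. Suggest declaring a dedicated pid-file type with a matching entry in the new module instead of reusing crond_var_run_t, so the atd domain needs no access to cron's runtime files.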
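Review bot: In the third hunk (@@ -26,8 +21,6 @@), removing the `/var/spool/at(/.*)?` and `/var/spool/at/atspool(/.*)?` entries does not change files already on disk: queued jobs and their output keep user_cron_spool_t and user_cron_spool_log_t until they are relabelled. Please document that /var/spool/at needs a relabel (for example `restorecon -R /var/spool/at`) after the policy upgrade, and keep a separate type for atspool in the new module so job output stays distinguishable from job files.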