Attached is the patch that I used to make version 3.0.1-1.3. Just including
it for future reference.
diff -u fcron-3.0.1.bak/conf.c fcron-3.0.1/conf.c
--- fcron-3.0.1.bak/conf.c 2006-02-07 08:44:52.000000000 +1100
+++ fcron-3.0.1/conf.c 2008-10-29 15:05:04.000000000 +1100
@@ -440,9 +440,13 @@
int rc;
#ifdef WITH_SELINUX
int flask_enabled = is_selinux_enabled();
- int retval;
+ security_context_t current_con;
+ security_context_t *context_list = NULL;
+ int retval, list_count = 0, i;
struct av_decision avd;
const char *user_name;
+ char *seuser = NULL;
+ char *level = NULL;
#endif
/* open file */
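Review bot: `security_context_t current_con;` is the only new pointer declared without an initializer, while `context_list`, `seuser` and `level` all start as NULL. The later hunk calls `freecon(current_con)` even after `getcon` has reported failure (assuming `error_e` only logs and returns, which the page does not show), so `security_context_t current_con = NULL;` would keep that cleanup well defined. In `int retval, list_count = 0, i;` only one of the three declarators is initialised; one declaration per line would make that easier to see. The function these declarations belong to starts and ends outside the hunk.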
@@ -511,12 +515,33 @@
user_name = cf->cf_user;
if(flask_enabled)
{
- if(get_default_context(user_name, NULL, &cf->cf_user_context))
- error_e("NO CONTEXT for user \"%s\"", cf->cf_user_context);
- retval = security_compute_av(cf->cf_user_context, cf->cf_file_context
+ if (getseuserbyname(user_name, &seuser, &level))
+ error_e("Can't get a login->user mapping for \"%s\"", user_name);
+
+ if(getcon(¤t_con))
+ error_e("Can't get context of fcron");
+
+ list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list);
+ free(level);
+ freecon(current_con);
+ free(seuser);
+
+ if (list_count == -1)
+ error_e("NO CONTEXTS for user \"%s\"", cf->cf_user_context);
+
+ for(i = 0; i < list_count; i++)
+ {
+ retval = security_compute_av(context_list[i], cf->cf_file_context
, SECCLASS_FILE, FILE__ENTRYPOINT, &avd);
+ if(!retval && ((FILE__ENTRYPOINT & avd.allowed) == FILE__ENTRYPOINT))
+ {
+ cf->cf_user_context = strdup(context_list[i]);
+ freeconary(context_list);
+ break;
+ }
- if(retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT))
+ }
+ if(i == list_count)
{
syslog(LOG_ERR, "ENTRYPOINT FAILED for user \"%s\" "
"(CONTEXT %s) for file CONTEXT %s"
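Review bot: A failed context lookup is treated as success here. When `get_ordered_context_list_with_level` returns -1 the `for` loop never runs, `i` stays 0 and `if(i == list_count)` is false, so the ENTRYPOINT FAILED branch is skipped although `cf->cf_user_context` was never assigned. Failures of `getseuserbyname` and `getcon` are only logged (assuming `error_e` returns), and the code then passes on arguments that were never filled in; the `getcon` argument shows on this page as `¤t_con`, presumably a mangled `&current_con`. `context_list` is freed only when a context matches, the `strdup` result is unchecked, and the "NO CONTEXTS" message prints `cf->cf_user_context` where `user_name` is meant. The sketch below keeps `list_count` at -1 unless every lookup succeeds, frees the list on every path and widens the failure test; the failure branch and the rest of the function continue outside the hunk.

```c
list_count = -1;                     /* stays -1 unless every lookup succeeds */
if (getseuserbyname(user_name, &seuser, &level))
    error_e("Can't get a login->user mapping for \"%s\"", user_name);
else if (getcon(&current_con))
    error_e("Can't get context of fcron");
else {
    list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list);
    freecon(current_con);
    if (list_count == -1)
        error_e("NO CONTEXTS for user \"%s\"", user_name);
}
free(level);
free(seuser);

for(i = 0; i < list_count; i++)
{
    /* … unchanged: security_compute_av() call and FILE__ENTRYPOINT test … */
    {
        cf->cf_user_context = strdup(context_list[i]);
        break;                       /* the list is released after the loop */
    }
}
freeconary(context_list);            /* context_list starts as NULL, so this covers the failure paths too */
if(list_count <= 0 || i == list_count || cf->cf_user_context == NULL)
{
    /* … unchanged: ENTRYPOINT FAILED syslog and error path … */
```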