commit: 9b8a447824f56c4c8cb7427b8d791287f4a4b03a
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Thu Apr 24 16:53:11 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Apr 27 15:28:35 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9b8a4478
Move sock_file filetrans to fcron_crond conditional.
Also drop the name in the filetrans.
---
policy/modules/contrib/cron.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
index da85d9b..8cf6dc8 100644
--- a/policy/modules/contrib/cron.te
+++ b/policy/modules/contrib/cron.te
@@ -234,7 +234,6 @@ logging_log_filetrans(crond_t, cron_log_t, file)
manage_files_pattern(crond_t, crond_var_run_t, crond_var_run_t)
files_pid_filetrans(crond_t, crond_var_run_t, file)
-files_pid_filetrans(crond_t, crond_var_run_t, sock_file, "fcron.fifo")
manage_files_pattern(crond_t, cron_spool_t, cron_spool_t)
@@ -349,6 +348,7 @@ tunable_policy(`allow_polyinstantiation',`
tunable_policy(`fcron_crond',`
allow crond_t { system_cron_spool_t user_cron_spool_t }:file
manage_file_perms;
allow crond_t crond_var_run_t:sock_file manage_sock_file_perms;
+ files_pid_filetrans(crond_t, crond_var_run_t, sock_file)
')
optional_policy(`
