commit:     0ace931ace4b0f237c27301c052bd1d3571349d8
Author:     Corentin LABBE <clabbe.montjoie <AT> gmail <DOT> com>
AuthorDate: Thu Jan  5 15:42:10 2023 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 15:24:01 2023 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0ace931a

mandb: permit to read inherited cron files

Each night /etc/cron.daily/man-db generates some AVC:
allow mandb_t system_cronjob_tmp_t:file { read write };

Add the necessary rules for it.

Signed-off-by: Corentin LABBE <clabbe.montjoie <AT> gmail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/apps/mandb.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/apps/mandb.te b/policy/modules/apps/mandb.te
index f136a90ae..5dd7cf7a5 100644
--- a/policy/modules/apps/mandb.te
+++ b/policy/modules/apps/mandb.te
@@ -59,5 +59,6 @@ ifdef(`init_systemd',`
 ')
 
 optional_policy(`
+       cron_rw_inherited_system_job_tmp_files(mandb_t)
        cron_system_entry(mandb_t, mandb_exec_t)
 ')
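
Review bot: the added cron_rw_inherited_system_job_tmp_files(mandb_t) line grants both read and write on inherited system_cronjob_tmp_t files, while the commit subject only mentions reading; the subject should say read/write so the log matches the access granted. The message also quotes only the derived allow rule, not the raw AVC denial, so it is not visible which inherited descriptor is involved or whether mandb uses the file rather than merely inheriting it from the cron job. Including the denial, or a one-line comment above the call saying why the access is needed, would let a reader judge whether allow is preferable to dontaudit here. Placement inside the existing optional_policy block next to cron_system_entry is fine, since both calls depend on the cron module.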
