commit: 0ace931ace4b0f237c27301c052bd1d3571349d8 Author: Corentin LABBE <clabbe.montjoie <AT> gmail <DOT> com> AuthorDate: Thu Jan 5 15:42:10 2023 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Mon Feb 13 15:24:01 2023 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0ace931a
mandb: permit to read inherited cron files Each night /etc/cron.daily/man-db generates some AVC: allow mandb_t system_cronjob_tmp_t:file { read write }; Add the necessary rules for it. Signed-off-by: Corentin LABBE <clabbe.montjoie <AT> gmail.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/apps/mandb.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/apps/mandb.te b/policy/modules/apps/mandb.te index f136a90ae..5dd7cf7a5 100644 --- a/policy/modules/apps/mandb.te +++ b/policy/modules/apps/mandb.te @@ -59,5 +59,6 @@ ifdef(`init_systemd',` ') optional_policy(` + cron_rw_inherited_system_job_tmp_files(mandb_t) cron_system_entry(mandb_t, mandb_exec_t) ')