Daniel J Walsh wrote:


allow user_crond_t apmd_log_t:file getattr;
allow user_crond_t cupsd_log_t:dir read;
allow user_crond_t devlog_t:sock_file write;
allow user_crond_t httpd_log_t:dir read;
allow user_crond_t logwatch_cache_t:dir read;
allow user_crond_t man_t:dir { getattr read search };
allow user_crond_t print_spool_t:dir search;
allow user_crond_t rpm_log_t:file { getattr write };
allow user_crond_t sendmail_exec_t:file entrypoint;
allow user_crond_t tmp_t:dir { read write };
allow user_crond_t var_lib_t:dir { getattr search };
allow user_crond_t var_lock_t:dir search;
allow user_crond_t var_log_t:dir read;
allow user_crond_t var_log_t:file getattr;

These should be running in system_crond_t? This is logwatch creating most of these. Do
you think the latest patch is causing this?


Latest patch to the policy or cron? Jason's patch to
cron gets context from the job, checks if the cron
daemon can switch into that context, and then calls
setexeccon with that context.

-Janak

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
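
The allow rules quoted above, run through a small triage script (an added example, not part of the original thread). It parses the rules and separates log-related targets from permissions worth reviewing before they go into policy. The "log" name match and the REVIEW_PERMS set are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Rules copied verbatim from the quoted message above.
RULES = """
allow user_crond_t apmd_log_t:file getattr;
allow user_crond_t cupsd_log_t:dir read;
allow user_crond_t devlog_t:sock_file write;
allow user_crond_t httpd_log_t:dir read;
allow user_crond_t logwatch_cache_t:dir read;
allow user_crond_t man_t:dir { getattr read search };
allow user_crond_t print_spool_t:dir search;
allow user_crond_t rpm_log_t:file { getattr write };
allow user_crond_t sendmail_exec_t:file entrypoint;
allow user_crond_t tmp_t:dir { read write };
allow user_crond_t var_lib_t:dir { getattr search };
allow user_crond_t var_lock_t:dir search;
allow user_crond_t var_log_t:dir read;
allow user_crond_t var_log_t:file getattr;
"""

RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
# Assumed review set: permissions that change state or enter a domain.
REVIEW_PERMS = {"write", "append", "create", "unlink", "setattr", "entrypoint"}

def parse_rules(text):
    """Map (source, target, class) -> set of permissions, merging repeats."""
    merged = defaultdict(set)
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"not a simple allow rule: {line!r}")
        src, tgt, cls, perm_set, single = m.groups()
        perms = perm_set if perm_set is not None else single
        merged[(src, tgt, cls)].update(perms.split())
    return dict(merged)

def triage(rules):
    """Return (rules whose target type name contains 'log', rules needing review)."""
    log_related = sorted(k for k in rules if "log" in k[1])  # name heuristic (assumption)
    review = {k: sorted(p & REVIEW_PERMS) for k, p in rules.items() if p & REVIEW_PERMS}
    return log_related, review

if __name__ == "__main__":
    rules = parse_rules(RULES)
    log_related, review = triage(rules)
    print(f"{len(log_related)} of {len(rules)} rules target log-related types")
    for (src, tgt, cls), perms in sorted(review.items()):
        print(f"review: {src} -> {tgt}:{cls} {' '.join(perms)}")
```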
