Backport fixes from RHEL6 to make cronjobs working in MLS

author Miroslav Grepl <mgrepl@redhat.com>

Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)

committer Miroslav Grepl <mgrepl@redhat.com>

Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)
author Miroslav Grepl <mgrepl@redhat.com>
Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)
committer Miroslav Grepl <mgrepl@redhat.com>
Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te

index 0d1af63e42aa30648237664fb3274579510ae788..b8f0df4a77e6b9cca5a3410241aeda2f1fcebded 100644 (file)
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -141,6 +141,7 @@ optional_policy(`
  
  optional_policy(`
         cron_admin_role(sysadm_r, sysadm_t)
+       cron_role(sysadm_r, sysadm_t)
  ')
  
  optional_policy(`
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te

index a2e960c6beff66b621d86a40741ab4ffefb24f01..230cbb299e475edf937d61b66f6f9894fe035d49 100644 (file)
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -226,6 +226,17 @@ files_search_default(crond_t)
  fs_manage_cgroup_dirs(crond_t)
  fs_manage_cgroup_files(crond_t)
  
+# needed by "crontab -e"
+mls_file_read_all_levels(crond_t)
+mls_file_write_all_levels(crond_t)
+
+# needed because of kernel check of transition
+mls_process_set_level(crond_t)
+
+# to make cronjob working
+mls_fd_share_all_levels(crond_t)
+mls_trusted_object(crond_t)
+
  init_read_state(crond_t)
  init_rw_utmp(crond_t)
  init_spec_domtrans_script(crond_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Wed, 16 Nov 2011 15:52:17 +0000 (16:52 +0100)
policy/modules/roles/sysadm.te		patch \| blob \| blame \| history
policy/modules/services/cron.te		patch \| blob \| blame \| history