From 558fe7df412e86f450840f05b1274e213eaf20ab Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Wed, 16 Nov 2011 16:52:17 +0100 Subject: [PATCH] Backport fixes from RHEL6 to make cronjobs working in MLS --- policy/modules/roles/sysadm.te | 1 + policy/modules/services/cron.te | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index 0d1af63e..b8f0df4a 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -141,6 +141,7 @@ optional_policy(` optional_policy(` cron_admin_role(sysadm_r, sysadm_t) + cron_role(sysadm_r, sysadm_t) ') optional_policy(` diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index a2e960c6..230cbb29 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -226,6 +226,17 @@ files_search_default(crond_t) fs_manage_cgroup_dirs(crond_t) fs_manage_cgroup_files(crond_t) +# needed by "crontab -e" +mls_file_read_all_levels(crond_t) +mls_file_write_all_levels(crond_t) + +# needed because of kernel check of transition +mls_process_set_level(crond_t) + +# to make cronjob working +mls_fd_share_all_levels(crond_t) +mls_trusted_object(crond_t) + init_read_state(crond_t) init_rw_utmp(crond_t) init_spec_domtrans_script(crond_t) -- 2.47.3