RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make crond able to polyinstantiate all. 

As one of entrypoint application, crond_t should have had the
files_polyinstantiate_all() interface called so that pam_namespace.so
could work well in crond_t. Otherwise the crond_t lacks the sys_admin
permission to make use of pam_namespace.so

BTW, the allow_polyinstantiation boolean need to be toggled true
accordingly.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
This commit is contained in:
Harry Ciao 2011-02-11 15:03:10 +08:00 committed by Chris PeBenito
parent 1cc285ff3f
commit af2fcbd6ae
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/services/cron.te
View File

@ -241,6 +241,10 @@ ifdef(`distro_redhat', `
') ')
') ')
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all(crond_t)
')
tunable_policy(`fcron_crond', ` tunable_policy(`fcron_crond', `
allow crond_t system_cron_spool_t:file manage_file_perms; allow crond_t system_cron_spool_t:file manage_file_perms;
') ')