Make crond able to polyinstantiate all.
As one of entrypoint application, crond_t should have had the files_polyinstantiate_all() interface called so that pam_namespace.so could work well in crond_t. Otherwise the crond_t lacks the sys_admin permission to make use of pam_namespace.so BTW, the allow_polyinstantiation boolean need to be toggled true accordingly. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
This commit is contained in:
parent
1cc285ff3f
commit
af2fcbd6ae
|
@ -241,6 +241,10 @@ ifdef(`distro_redhat', `
|
|||
')
|
||||
')
|
||||
|
||||
tunable_policy(`allow_polyinstantiation',`
|
||||
files_polyinstantiate_all(crond_t)
|
||||
')
|
||||
|
||||
tunable_policy(`fcron_crond', `
|
||||
allow crond_t system_cron_spool_t:file manage_file_perms;
|
||||
')
|
||||
|
|
Loading…
Reference in New Issue