From ec848d247f563b01bb7338b2ef8a00c00c67c0bc Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 19 Jul 2005 19:37:43 +0000 Subject: [PATCH] more fixes for targeted --- refpolicy/policy/modules/services/cron.fc | 4 ++-- refpolicy/policy/modules/services/cron.te | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/refpolicy/policy/modules/services/cron.fc b/refpolicy/policy/modules/services/cron.fc index a9e271462..04937cf3e 100644 --- a/refpolicy/policy/modules/services/cron.fc +++ b/refpolicy/policy/modules/services/cron.fc @@ -23,13 +23,13 @@ /var/spool/at/[^/]* -- <> /var/spool/cron -d context_template(system_u:object_r:cron_spool_t,s0) -/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) +#/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) /var/spool/cron/[^/]* -- <> /var/spool/cron/crontabs -d context_template(system_u:object_r:cron_spool_t,s0) /var/spool/cron/crontabs/.* -- <> -/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) +#/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) /var/spool/fcron -d context_template(system_u:object_r:cron_spool_t,s0) /var/spool/fcron/.* <> diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index d3fbbaebb..377808fa5 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -127,10 +127,8 @@ ifdef(`distro_redhat', ` ') ') -ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(crond_t) - term_dontaudit_use_generic_pty(crond_t) - files_dontaudit_read_root_file(crond_t) +ifdef(`targeted_policy',` + unconfined_domain_template(crond_t) ') tunable_policy(`fcron_crond', `