nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mandb: permit to read inherited cron files

Browse Source 
Each night /etc/cron.daily/man-db generates some AVC:
allow mandb_t system_cronjob_tmp_t:file { read write };

Add the necessary rules for it.

Signed-off-by: Corentin LABBE <clabbe.montjoie@gmail.com>
This commit is contained in:
Corentin LABBE 2023-01-05 16:42:10 +01:00
parent 95d5195d8c
commit 6732acf8b7
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/apps/mandb.te
View File

@ -59,5 +59,6 @@ ifdef(`init_systemd',`
') ')
optional_policy(` optional_policy(`
cron_rw_inherited_system_job_tmp_files(mandb_t)
cron_system_entry(mandb_t, mandb_exec_t) cron_system_entry(mandb_t, mandb_exec_t)
') ')