diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index 9339350af..f5a9d0412 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -46,6 +46,10 @@ allow $1_crond_t $1_cron_spool_t:file entrypoint; # transition, since crontabs are configuration files, not executables. allow crond_t $1_crond_t:process transition; dontaudit crond_t $1_crond_t:process { noatsecure siginh rlimitinh }; +allow crond_t $1_crond_t:fd use; +allow $1_crond_t crond_t:fd use; +allow $1_crond_t crond_t:fifo_file rw_file_perms; +allow $1_crond_t crond_t:process sigchld; kernel_read_system_state($1_crond_t) kernel_read_kernel_sysctl($1_crond_t)