624abc4f54
When cron_userdomain_transition boolean is set to on, the user cronjobs
are supposed to run in their domains. Without this patch the default
context is not properly computed:
$ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0
/usr/sbin/getdefaultcon: Invalid argument
$ /usr/sbin/getdefaultcon staff_u system_u:system_r:crond_t:s0
staff_u:sysadm_r:sysadm_t:s0
With this patch applied:
$ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0
user_u:user_r:user_t:s0
$ /usr/sbin/getdefaultcon staff_ system_u:system_r:crond_t:s0
staff_u:staff_r:staff_t:s0
16 lines
951 B
Plaintext
16 lines
951 B
Plaintext
system_r:crond_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t
|
|
system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
|
system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t
|
|
system_r:sshd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
|
system_r:sulogin_t sysadm_r:sysadm_t
|
|
system_r:xdm_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
|
|
|
staff_r:staff_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
|
staff_r:staff_sudo_t sysadm_r:sysadm_t staff_r:staff_t
|
|
|
|
sysadm_r:sysadm_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
|
sysadm_r:sysadm_sudo_t sysadm_r:sysadm_t
|
|
|
|
user_r:user_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
|
user_r:user_sudo_t sysadm_r:sysadm_t user_r:user_t
|