1 |
commit: ff9df3107bf73727c374843433256498fbdc408d |
2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
3 |
AuthorDate: Thu Nov 1 21:27:55 2012 +0000 |
4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
5 |
CommitDate: Thu Nov 1 21:27:55 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ff9df310 |
7 |
|
8 |
Reshuffle gentoo specific cron changes |
9 |
|
10 |
--- |
11 |
policy/modules/contrib/cron.te | 7 +++++-- |
12 |
1 files changed, 5 insertions(+), 2 deletions(-) |
13 |
|
14 |
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te |
15 |
index 1776b24..f52462d 100644 |
16 |
--- a/policy/modules/contrib/cron.te |
17 |
+++ b/policy/modules/contrib/cron.te |
18 |
@@ -59,7 +59,6 @@ typealias cronjob_t alias { user_crond_t staff_crond_t sysadm_crond_t }; |
19 |
typealias cronjob_t alias { auditadm_crond_t secadm_crond_t }; |
20 |
domain_type(cronjob_t) |
21 |
domain_cron_exemption_target(cronjob_t) |
22 |
-domain_interactive_fd(cronjob_t) |
23 |
corecmd_shell_entry_type(cronjob_t) |
24 |
ubac_constrained(cronjob_t) |
25 |
|
26 |
@@ -102,7 +101,6 @@ type system_cronjob_t alias system_crond_t; |
27 |
init_daemon_domain(system_cronjob_t, anacron_exec_t) |
28 |
corecmd_shell_entry_type(system_cronjob_t) |
29 |
domain_entry_file(system_cronjob_t, system_cron_spool_t) |
30 |
-domain_interactive_fd(system_cronjob_t) |
31 |
|
32 |
type system_cronjob_lock_t alias system_crond_lock_t; |
33 |
files_lock_file(system_cronjob_lock_t) |
34 |
@@ -123,6 +121,11 @@ files_type(user_cron_spool_t) |
35 |
ubac_constrained(user_cron_spool_t) |
36 |
mta_system_content(user_cron_spool_t) |
37 |
|
38 |
+ifdef(`distro_gentoo',` |
39 |
+ domain_interactive_fd(cronjob_t) |
40 |
+ domain_interactive_fd(system_cronjob_t) |
41 |
+') |
42 |
+ |
43 |
ifdef(`enable_mcs',` |
44 |
init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh) |
45 |
') |