fix cron_system_entry() rules

2006-08-16 13:52:18 +00:00 · 2006-08-16 13:52:18 +00:00 · 3573908f1c
commit 3573908f1c
parent 33c7e6b4e8
2 changed files with 3 additions and 2 deletions
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@ -322,7 +322,6 @@ interface(`cron_system_entry',`

 	# cjp: perhaps these four rules from the old
 	# domain_auto_trans are not needed?
-	allow system_crond_t $1:fd use;
 	allow $1 system_crond_t:fd use;
 	allow $1 system_crond_t:fifo_file rw_file_perms;
 	allow $1 system_crond_t:process sigchld;
@ -330,6 +329,8 @@ interface(`cron_system_entry',`
 	allow $1 crond_t:fifo_file rw_file_perms;
 	allow $1 crond_t:fd use;
 	allow $1 crond_t:process sigchld;
+
+	role system_r types $1;
 ')

 ########################################
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@ -1,5 +1,5 @@

-policy_module(cron,1.3.9)
+policy_module(cron,1.3.10)

 gen_require(`
 	class passwd rootok;