add missing pieces of crond_t -> $1_crond_t transition

2005-06-01 19:01:28 +00:00 · 2005-06-01 19:01:28 +00:00 · 6d9915d615
parent 0447352aec
commit 6d9915d615
1 changed files with 4 additions and 0 deletions
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@ -46,6 +46,10 @@ allow $1_crond_t $1_cron_spool_t:file entrypoint;
 # transition, since crontabs are configuration files, not executables.
 allow crond_t $1_crond_t:process transition;
 dontaudit crond_t $1_crond_t:process { noatsecure siginh rlimitinh };
+allow crond_t $1_crond_t:fd use;
+allow $1_crond_t crond_t:fd use;
+allow $1_crond_t crond_t:fifo_file rw_file_perms;
+allow $1_crond_t crond_t:process sigchld;

 kernel_read_system_state($1_crond_t)
 kernel_read_kernel_sysctl($1_crond_t)