more fixes for targeted

2005-07-19 19:37:43 +00:00 · 2005-07-19 19:37:43 +00:00 · ec848d247f
commit ec848d247f
parent 2ec4c9d38f
2 changed files with 4 additions and 6 deletions
--- a/refpolicy/policy/modules/services/cron.fc
+++ b/refpolicy/policy/modules/services/cron.fc
@ -23,13 +23,13 @@
 /var/spool/at/[^/]*		--	<<none>>
 /var/spool/cron			-d	context_template(system_u:object_r:cron_spool_t,s0)
-/var/spool/cron/root		--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/root		--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 /var/spool/cron/[^/]*		--	<<none>>
 /var/spool/cron/crontabs 	-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/cron/crontabs/.*	--	<<none>>
-/var/spool/cron/crontabs/root	--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/crontabs/root	--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 /var/spool/fcron		-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/fcron/.*			<<none>>
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@ -127,10 +127,8 @@ ifdef(`distro_redhat', `
 	')
 ')
-ifdef(`targeted_policy', `
+ifdef(`targeted_policy',`
-	term_dontaudit_use_unallocated_tty(crond_t)
+	unconfined_domain_template(crond_t)
 	term_dontaudit_use_generic_pty(crond_t)
 	files_dontaudit_read_root_file(crond_t)
 ')
 tunable_policy(`fcron_crond', `