#DESC crond 
#
# Authors:  Daniel Walsh <dwalsh@redhat.com>
#

#################################
#
# Rules for the crond domain.
#
# crond_exec_t is the type of the /usr/sbin/crond and other programs.
# This domain is defined just for targeted policy.
#
type crond_exec_t, file_type, sysadmfile, exec_type;
type crond_t, domain, privuser, privrole, privfd, privowner;
typealias crond_t alias system_crond_t;
type anacron_exec_t, file_type, sysadmfile, exec_type;
type system_crond_tmp_t, file_type, tmpfile, sysadmfile;
type system_cron_spool_t, file_type, sysadmfile;
type sysadm_cron_spool_t, file_type, sysadmfile;
role system_r types crond_t;
domain_auto_trans(initrc_t, crond_exec_t, crond_t)
domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
# Access log files
file_type_auto_trans(crond_t, user_home_dir_t, user_home_t)
file_type_auto_trans(crond_t, tmp_t, system_crond_tmp_t)
var_run_domain(crond)

ifdef(`targeted_policy', `
unconfined_domain(crond_t)
allow crond_t initrc_t:dbus send_msg;
allow crond_t unconfined_t:dbus send_msg;
allow crond_t unconfined_t:process transition;
')