On Thu, 2004-07-01 at 08:14, Daniel J Walsh wrote: > Todays policycoreutils has a new cron job, fixfiles.cron, that will run > in /etc/cron.daily. This script will run a check on the file system on > a daily basis looking for file contexts in the wrong state. It will > them mail a list of files with the incorrect context to the root account. > > The following environment variables are set and can be overridden in the > /etc/selinux/config directory. > > CRONTYPE="check" # You could change this to "restore" to have the > script automatically clean up > INVALIDFILE=/var/tmp/badcontext # Name of the file to store the > badcontext file list > CRONMAILTO="root" # Account to send mail to > > Suggestions on improvements? Comments? Has the policy been adjusted to allow this to run? Is it being run in system_crond_t (I would assume, given that it is under /etc/cron.daily) or sysadm_crond_t (should only be applied to /var/spool/cron/root)? -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
