Stephen Smalley wrote:
On Thu, 2004-07-08 at 13:40, Ivan Gyurdiev wrote:We might want to add a tunable to allow system_crond_t to exec setfiles_t. You can modify the
I'll report any problems I see with this cron (94).
Likely need the following rules added to crond.te:
r_dir_file(system_crond_t, file_context_t) can_getsecurity(system_crond_t)
/etc/selinux/config file and add
CRONTYPE="restore"
CRONMAILTO="dwalsh@xxxxxxxxxx"
Which would cause setfiles to restore the security contexts when fixfiles.cron runs. and send mail to the specified user.
Dan
