|
Hi list,
We have a client who wants a service account’s crontab to run a ruby script in /var/www; this isn’t permitted by default and I have no idea what this script does but from past experience suspect it will generate an array of misleading AVCs if I go down
the route of allowing crontab_t to read httpdcontent attribute (ie. httpd_sys_rw_content_t, etc.) files and directories. Could someone please explain the rationale behind the policy design for user crontab confinement and how I should handle this situation?
Thanks,
Doug
|
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
