Useful for the case that manage isn't requied. Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx> --- policy/modules/services/cron.if | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if index d40848ab..3278c216 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -706,6 +706,26 @@ interface(`cron_manage_system_spool',` manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t) ') +######################################## +## <summary> +## Read the system spool. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`cron_read_system_spool',` + gen_require(` + type system_cron_spool_t; + ') + + cron_search_spool($1) + list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t) + read_files_pattern($1, system_cron_spool_t, system_cron_spool_t) +') + ######################################## ## <summary> ## Read and write crond temporary files. -- 2.19.1
