I think this has been talked about a little, but I'd like some feedback on having cron jobs execute directly in the user domain rather than in a special cron job domain. Was there a specific reason cron jobs were not done this way from the start? To be more specific, right now cron jobs will execute under user_crond_t, staff_crond_t, etc. My thought is to have them run under user_t, staff_t, etc. It seems logical since that tends to be how users see cron jobs: running as the user/having the same permissions as the user. The system cron jobs (system_crond_t) would be unchanged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
