[refpolicy] [PATCH 34/34]: patch to allow the cron daemon to manage sysadm keys

Guido Trentalancia guido at trentalancia.com
Wed Feb 16 00:45:02 CST 2011


This patch has been added as needed after recent (> 02022011) changes
affecting the cron module. Apparently the cron daemon needs to manage
sysadm_t keys after such changes have been applied.

diff -pruN refpolicy-git-15022011-test/policy/modules/roles/sysadm.if refpolicy-git-15022011-test-new/policy/modules/roles/sysadm.if
--- refpolicy-git-15022011-test/policy/modules/roles/sysadm.if	2011-01-08 19:07:21.214736932 +0100
+++ refpolicy-git-15022011-test-new/policy/modules/roles/sysadm.if	2011-02-16 04:17:41.524236287 +0100
@@ -221,6 +221,24 @@ interface(`sysadm_use_fds',`
 
 ########################################
 ## <summary>
+##      Manage sysadm key.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`sysadm_manage_key',`
+	gen_require(`
+		type sysadm_t;
+	')
+
+	allow $1 sysadm_t:key manage_key_perms;
+')
+
+########################################
+## <summary>
 ##	Read and write sysadm user unnamed pipes.
 ## </summary>
 ## <param name="domain">
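Review bot: The new sysadm_manage_key interface grants the whole manage_key_perms set on sysadm_t keys to any caller, while the description only says the cron daemon "apparently" needs it and quotes no denial. Please include the AVC messages that prompted this and, if they show only a subset of key permissions being denied, offer a narrower interface instead of a full manage one. Two smaller points in the added doc block: the comment lines are indented with spaces after "##" where the neighbouring interface uses a tab, and the summary would read better as "Manage sysadm keys." since the rule covers the key class rather than a single key.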
Binary files refpolicy-git-15022011-test/policy/modules/services/.cron.if.swp and refpolicy-git-15022011-test-new/policy/modules/services/.cron.if.swp differ
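Review bot: The diff was taken while an editor swap file (.cron.if.swp) was present in policy/modules/services, so the patch reports a binary difference that is not part of the change. Regenerate it after closing the editor or exclude swap files from the diff, and check that no unsaved edits to cron.if were meant to be part of this series.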
diff -pruN refpolicy-git-15022011-test/policy/modules/services/cron.te refpolicy-git-15022011-test-new/policy/modules/services/cron.te
--- refpolicy-git-15022011-test/policy/modules/services/cron.te	2011-02-16 04:13:46.685864393 +0100
+++ refpolicy-git-15022011-test-new/policy/modules/services/cron.te	2011-02-16 04:18:49.415329553 +0100
@@ -216,6 +216,8 @@ seutil_read_config(crond_t)
 seutil_read_default_contexts(crond_t)
 seutil_sigchld_newrole(crond_t)
 
+sysadm_manage_key(crond_t)
+
 miscfiles_read_localization(crond_t)
 
 userdom_use_unpriv_users_fds(crond_t)
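Review bot: The call sysadm_manage_key(crond_t) is added unconditionally in the middle of the seutil_/miscfiles_ block, which makes cron.te depend on the sysadm role module in every build. If sysadm can be built as a loadable or disabled module, wrap the call in optional_policy so cron still compiles without it, and place it with the other optional blocks rather than among the system-module calls. A one-line comment above the call saying which cron operation touches the sysadm_t keyring would also help, because granting a daemon domain management of an administrator domain's keys is not self-explanatory from the rule alone.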



