[refpolicy] [PATCH 1/1] Cronjobs might create temporary directories

Sven Vermeulen sven.vermeulen at siphos.be
Wed Sep 21 14:23:32 CDT 2011


Cronjobs, like makewhatis, want to create temporary directories
(and not only just temporary files).

We allow a filetrans in tmp_t for directories as well, and allow
system_cronjob_t to manage files and directories of
system_cronjob_tmp_t.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 cron.te |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cron.te b/cron.te
index f22d27c..07e2697 100644
--- a/cron.te
+++ b/cron.te
@@ -334,11 +334,13 @@ allow system_cronjob_t crond_t:process sigchld;
 allow system_cronjob_t system_cronjob_lock_t:file manage_file_perms;
 files_lock_filetrans(system_cronjob_t, system_cronjob_lock_t, file)
 
-# write temporary files
+# write temporary files/directories
 manage_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)
+manage_files_pattern(system_cronjob_t, system_cronjob_tmp_t, system_cronjob_tmp_t)
+manage_dirs_pattern(system_cronjob_t, system_cronjob_tmp_t, system_cronjob_tmp_t)
 manage_lnk_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)
 filetrans_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t, { file lnk_file })
-files_tmp_filetrans(system_cronjob_t, system_cronjob_tmp_t, file)
+files_tmp_filetrans(system_cronjob_t, system_cronjob_tmp_t, { file dir })
 
 # Read from /var/spool/cron.
 allow system_cronjob_t cron_spool_t:dir list_dir_perms;
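Review bot: the two added lines with system_cronjob_tmp_t as the containing directory type grant file and directory management only. manage_lnk_files_pattern is still given only for crond_tmp_t directories, so these lines do not let a cron job create or remove a symlink inside a temporary directory it made itself. If that asymmetry is not intended, add manage_lnk_files_pattern(system_cronjob_t, system_cronjob_tmp_t, system_cronjob_tmp_t) alongside them. If it is intended, say so in the commit message. In the same block, the unchanged filetrans_pattern on crond_tmp_t still lists { file lnk_file } while files_tmp_filetrans now lists { file dir }. A directory created under a crond_tmp_t directory therefore gets no transition to system_cronjob_tmp_t from these lines, and no rule here manages directories in crond_tmp_t. Please confirm that case is not needed, or extend both rules so the two parent types are handled consistently.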
-- 
1.7.3.4


