Overview

File suse_modifications_cron.patch of Package selinux-policy.37503

Index: serefpolicy-contrib-20140730/cron.fc
===================================================================
--- serefpolicy-contrib-20140730.orig/cron.fc	2015-08-13 10:13:01.320203530 +0200
+++ serefpolicy-contrib-20140730/cron.fc	2015-08-13 10:13:01.620208372 +0200
@@ -55,6 +55,8 @@ ifdef(`distro_suse', `
 /var/spool/cron/lastrun		-d	gen_context(system_u:object_r:crond_tmp_t,s0)
 /var/spool/cron/lastrun/[^/]*	--	<<none>>
 /var/spool/cron/tabs		-d	gen_context(system_u:object_r:cron_spool_t,s0)
+/var/spool/cron/tabs/root	--	gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
+/var/spool/cron/tabs/[^/]*	--	gen_context(system_u:object_r:user_cron_spool_t,s0)
 ')
 
 ifdef(`distro_debian',`
Index: serefpolicy-contrib-20140730/cron.te
===================================================================
--- serefpolicy-contrib-20140730.orig/cron.te	2015-08-13 10:13:01.320203530 +0200
+++ serefpolicy-contrib-20140730/cron.te	2015-08-13 10:13:01.620208372 +0200
@@ -841,3 +841,9 @@ tunable_policy(`cron_userdomain_transiti
 optional_policy(`
 	unconfined_domain(unconfined_cronjob_t)
 ')
+
+ifdef(`distro_suse',`
+	files_read_default_symlinks(crontab_t)
+	userdom_manage_user_home_dirs(crontab_t)
+	xserver_non_drawing_client(crontab_t)
+')
Index: serefpolicy-contrib-20140730/cron.if
===================================================================
--- serefpolicy-contrib-20140730.orig/cron.if	2015-08-13 10:13:01.320203530 +0200
+++ serefpolicy-contrib-20140730/cron.if	2015-08-13 10:14:06.153249993 +0200
@@ -158,7 +158,7 @@ interface(`cron_role',`
 #
 interface(`cron_unconfined_role',`
 	gen_require(`
-		type unconfined_cronjob_t, crontab_t, crontab_exec_t;
+		type unconfined_cronjob_t, admin_crontab_t, crontab_t, crontab_exec_t;
         type crond_t, user_cron_spool_t;
         bool cron_userdomain_transition;
 	')
@@ -168,14 +168,14 @@ interface(`cron_unconfined_role',`
     # Declarations
     #
     
-    role $1 types { unconfined_cronjob_t crontab_t };
+    role $1 types { unconfined_cronjob_t admin_crontab_t crontab_t };
 
     ##############################
     #
     # Local policy
     #
 
-    domtrans_pattern($2, crontab_exec_t, crontab_t)
+    domtrans_pattern($2, crontab_exec_t, admin_crontab_t)
 
     dontaudit crond_t $2:process { noatsecure siginh rlimitinh };
openSUSE Build Service is sponsored by
Places