diff options
| author |   Laurent Bigonville <bigon@bigon.be> | 2015-12-03 17:14:08 +0100 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2015-12-17 23:25:22 +0800 |
| commit | 59a36a9af02f67b9542922d6ab06586a42b2be2a (patch) | |
| tree | f939accc435afdbfd919e9f9a730553a5420e63a /config/appconfig-standard | |
| parent | Module version bump for utempter Debian helper from Laurent Bigonville. (diff) | |
| download | hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.gz hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.bz2 hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.zip | |
Allow the user cronjobs to run in their userdomain
When cron_userdomain_transition boolean is set to on, the user cronjobs
are supposed to run in their domains. Without this patch the default
context is not properly computed:
$ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0
/usr/sbin/getdefaultcon: Invalid argument
$ /usr/sbin/getdefaultcon staff_u system_u:system_r:crond_t:s0
staff_u:sysadm_r:sysadm_t:s0
With this patch applied:
$ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0
user_u:user_r:user_t:s0
$ /usr/sbin/getdefaultcon staff_ system_u:system_r:crond_t:s0
staff_u:staff_r:staff_t:s0
Diffstat (limited to 'config/appconfig-standard')
| -rw-r--r-- | config/appconfig-standard/default_contexts | 2 | ||||
| -rw-r--r-- | config/appconfig-standard/staff_u_default_contexts | 2 | ||||
| -rw-r--r-- | config/appconfig-standard/user_u_default_contexts | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts index 7aeba709..fcc65d67 100644 --- a/config/appconfig-standard/default_contexts +++ b/config/appconfig-standard/default_contexts @@ -1,4 +1,4 @@ -system_r:crond_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t +system_r:crond_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t system_r:atd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts index 78a4792a..300694ce 100644 --- a/config/appconfig-standard/staff_u_default_contexts +++ b/config/appconfig-standard/staff_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t system_r:remote_login_t staff_r:staff_t system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t -system_r:crond_t staff_r:cronjob_t staff_r:staff_t +system_r:crond_t staff_r:staff_t staff_r:cronjob_t system_r:xdm_t staff_r:staff_t staff_r:staff_su_t staff_r:staff_t staff_r:staff_sudo_t staff_r:staff_t diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts index 33ec3a17..63b7eecd 100644 --- a/config/appconfig-standard/user_u_default_contexts +++ b/config/appconfig-standard/user_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t user_r:user_t system_r:remote_login_t user_r:user_t system_r:sshd_t user_r:user_t -system_r:crond_t user_r:cronjob_t user_r:user_t +system_r:crond_t user_r:user_t user_r:cronjob_t system_r:xdm_t user_r:user_t user_r:user_su_t user_r:user_t user_r:user_sudo_t user_r:user_t |