Re: transition from crond

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tracy Reed <treed@ultraviolet.org>
To: Sven Vermeulen <sven.vermeulen@siphos.be>
Cc: selinux@tycho.nsa.gov
Subject: Re: transition from crond
Date: Sun, 1 Jan 2012 00:28:16 -0800	[thread overview]
Message-ID: <20120101082815.GA10436@tracyreed.org> (raw)
In-Reply-To: <20111231103415.GA3510@siphos.be>

On Sat, Dec 31, 2011 at 11:34:15AM +0100, Sven Vermeulen spake thusly:
> This seems wrong. There's no need for an "ifdef" here. 
> 
> You probably want something like the following in your .te file:

Ah, thanks! I was just copying from the only example I could find of transitioning from crond:

http://www.linuxtopia.org/online_books/writing_SELinux_policy_guide/case_study_13.html

This is from 2003 or so and very outdated, no doubt. But it is the only such
example I could find. Is there any better documentation? 

Also, while your suggestion seems to have worked and I have eliminated quite a
few avc denials I am still getting this one:

type=AVC msg=audit(1325404861.508:99794): avc:  denied  { getattr } for  pid=5065 comm="perl" path="/automated_tasks/etc/mysql_auth.pm" dev =md0 ino=240014 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:automated_tasks_db_t:s0 tclass=file

mysql_auth.pm is a perl module included by email2feedback.pl. I would have
thought that this perl module would have been run under the email2feedback_t
type of the program it was being used in. What is the correct way to handle
this?

-- 
Tracy Reed

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

     prev parent reply	other threads:[~2012-01-01  8:28 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-12-30 18:51 transition from crond Tracy Reed
2011-12-31 10:34 ` Sven Vermeulen
2012-01-01  8:28   ` Tracy Reed [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120101082815.GA10436@tracyreed.org \
    --to=treed@ultraviolet.org \
    --cc=selinux@tycho.nsa.gov \
    --cc=sven.vermeulen@siphos.be \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.