* crond_t
@ 2005-07-08 14:04 Russell Coker
  2005-07-08 14:25 ` crond_t Daniel J Walsh
  0 siblings, 1 reply; 4+ messages in thread
From: Russell Coker @ 2005-07-08 14:04 UTC (permalink / raw)
  To: SE-Linux, Daniel J Walsh

It seems that the domain crond_t needs the attribute privfd.  The number of 
things that are run from cron jobs demands it.  A user of the rawhide policy 
reported a problem running ping from a cron job on IRC.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: crond_t
  2005-07-08 14:04 crond_t Russell Coker
@ 2005-07-08 14:25 ` Daniel J Walsh
  2005-07-09  3:00   ` crond_t Russell Coker
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2005-07-08 14:25 UTC (permalink / raw)
  To: russell; +Cc: SE-Linux

Russell Coker wrote:

>It seems that the domain crond_t needs the attribute privfd.  The number of 
>things that are run from cron jobs demands it.  A user of the rawhide policy 
>reported a problem running ping from a cron job on IRC.
>
crond_t has privfd.

Are you talking about system_crond_t and friends?


* Re: crond_t
  2005-07-08 14:25 ` crond_t Daniel J Walsh
@ 2005-07-09  3:00   ` Russell Coker
  2005-07-10 11:56     ` crond_t Daniel J Walsh
  0 siblings, 1 reply; 4+ messages in thread
From: Russell Coker @ 2005-07-09  3:00 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: SE-Linux

On Saturday 09 July 2005 00:25, Daniel J Walsh <dwalsh@redhat.com> wrote:
> Russell Coker wrote:
> >It seems that the domain crond_t needs the attribute privfd.  The number
> > of things that are run from cron jobs demands it.  A user of the rawhide
> > policy reported a problem running ping from a cron job on IRC.
>
> crond_t has privfd.

In which version?  selinux-policy-targeted-sources-1.24-3 doesn't have it.

> Are you talking about system_crond_t and friends?

No, the domain_auto_trans() rules from those domains give the fd use rules 
that are needed.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


* Re: crond_t
  2005-07-09  3:00   ` crond_t Russell Coker
@ 2005-07-10 11:56     ` Daniel J Walsh
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2005-07-10 11:56 UTC (permalink / raw)
  To: russell; +Cc: SE-Linux

Russell Coker wrote:

>On Saturday 09 July 2005 00:25, Daniel J Walsh <dwalsh@redhat.com> wrote:
>>Russell Coker wrote:
>>>It seems that the domain crond_t needs the attribute privfd.  The number
>>>of things that are run from cron jobs demands it.  A user of the rawhide
>>>policy reported a problem running ping from a cron job on IRC.
>>
>>crond_t has privfd.
>
>In which version?  selinux-policy-targeted-sources-1.24-3 doesn't have it.
>
>>Are you talking about system_crond_t and friends?
>
>No, the domain_auto_trans() rules from those domains give the fd use rules
>that are needed.
>
It is in strict policy, not in targeted.
selinux-policy-*-1.25.1-6

Dan
