diff --git a/refpolicy/policy/modules/services/cron.fc b/refpolicy/policy/modules/services/cron.fc
index a9e2714..04937cf 100644
--- a/refpolicy/policy/modules/services/cron.fc
+++ b/refpolicy/policy/modules/services/cron.fc
@@ -23,13 +23,13 @@
 /var/spool/at/[^/]* -- <>
 /var/spool/cron -d context_template(system_u:object_r:cron_spool_t,s0)
-/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 /var/spool/cron/[^/]* -- <>
 /var/spool/cron/crontabs -d context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/cron/crontabs/.* -- <>
-/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
+#/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 /var/spool/fcron -d context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/fcron/.* <>
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index d3fbbae..377808f 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -127,10 +127,8 @@ ifdef(`distro_redhat', `
 ')
 ')
-ifdef(`targeted_policy', `
- term_dontaudit_use_unallocated_tty(crond_t)
- term_dontaudit_use_generic_pty(crond_t)
- files_dontaudit_read_root_file(crond_t)
+ifdef(`targeted_policy',`
+ unconfined_domain_template(crond_t)
 ')
 tunable_policy(`fcron_crond', `
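Review bot: The two root-crontab entries in cron.fc are disabled for every policy type, while the matching cron.te change is limited to `targeted_policy`. With them commented out, `/var/spool/cron/root` and `/var/spool/cron/crontabs/root` are matched only by the neighbouring generic `/var/spool/cron/[^/]*` and `/var/spool/cron/crontabs/.*` patterns. A relabel would then presumably stop assigning `sysadm_cron_spool_t` to root's crontab on strict builds as well, which weakens the separation between root's jobs and ordinary users' spool files. If the change is meant for targeted only, wrap both entries in the policy-type conditional instead of commenting them out. Otherwise delete the lines and leave a one-line comment such as `# root crontab no longer has its own type: <reason>`, so the dead entries are not silently re-enabled later.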
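Review bot: The new `unconfined_domain_template(crond_t)` line in the cron.te hunk has no comment explaining why `crond_t` must be fully unconfined under `targeted_policy`. It replaces three narrow dontaudit rules with a blanket grant on a daemon that runs as root and executes user-supplied job definitions, so targeted policy would no longer contain a crond compromise. Add a comment above the call, for example `# crond_t is unconfined in targeted policy because <reason>`. Also consider whether a narrower set of interfaces covering what crond actually needs there would do. As a minor style point, the opening line drops the space after the comma that the neighbouring `ifdef` and `tunable_policy` lines use.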