diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index 03e08c5..77ba948 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -205,6 +205,10 @@ allow system_crond_t system_cron_spool_t:file { getattr read }; # transition, since crontabs are configuration files, not executables. allow crond_t system_crond_t:process transition; dontaudit crond_t system_crond_t:process { noatsecure siginh rlimitinh }; +allow crond_t system_crond_t:fd use; +allow system_crond_t crond_t:fd use; +allow system_crond_t crond_t:fifo_file rw_file_perms; +allow system_crond_t crond_t:process sigchld; # Write /var/lock/makewhatis.lock. allow system_crond_t system_crond_lock_t:file { create ioctl read getattr lock write setattr append link unlink rename };