diff --git a/policy/modules/services/audioentropy.fc b/policy/modules/services/audioentropy.fc
index bcf3e1c..001235e 100644
--- a/policy/modules/services/audioentropy.fc
+++ b/policy/modules/services/audioentropy.fc
@@ -2,3 +2,5 @@
# /usr
#
/usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0)
+
+/var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
index 64a716a..d56d600 100644
--- a/policy/modules/services/audioentropy.te
+++ b/policy/modules/services/audioentropy.te
@@ -1,5 +1,5 @@
-policy_module(audio_entropy, 1.4.1)
+policy_module(audio_entropy, 1.4.2)
########################################
#
@@ -35,6 +35,10 @@ dev_write_urand(entropyd_t)
dev_read_rand(entropyd_t)
dev_write_rand(entropyd_t)
dev_read_sound(entropyd_t)
+# set sound card parameters such as
+# sample format, number of channels
+# and sample rate.
+dev_write_sound(entropyd_t)
fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t)
diff --git a/policy/modules/services/avahi.fc b/policy/modules/services/avahi.fc
index 49dcc5f..01a01a7 100644
--- a/policy/modules/services/avahi.fc
+++ b/policy/modules/services/avahi.fc
@@ -1,5 +1,9 @@
+/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
/usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0)
+/usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0)
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
+
+/usr/lib/avahi-autoipd(/.*) gen_context(system_u:object_r:avahi_var_lib_t,s0)
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
index 607c113..74823c8 100644
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@@ -2,6 +2,61 @@
########################################
##
+## Execute avahi server in the avahi domain.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+interface(`avahi_domtrans',`
+ gen_require(`
+ type avahi_exec_t, avahi_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, avahi_exec_t, avahi_t)
+')
+
+########################################
+##
+## Send avahi a signal
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+interface(`avahi_signal',`
+ gen_require(`
+ type avahi_t;
+ ')
+
+ allow $1 avahi_t:process signal;
+')
+
+########################################
+##
+## Send avahi a kill signal.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`avahi_kill',`
+ gen_require(`
+ type avahi_t;
+ ')
+
+ allow $1 avahi_t:process sigkill;
+')
+
+########################################
+##
## Send and receive messages from
## avahi over dbus.
##
@@ -57,3 +112,38 @@ interface(`avahi_dontaudit_search_pid',`
dontaudit $1 avahi_var_run_t:dir search_dir_perms;
')
+
+########################################
+##
+## All of the rules required to administrate
+## an avahi environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the avahi domain.
+##
+##
+##
+#
+interface(`avahi_admin',`
+ gen_require(`
+ type avahi_t, avahi_var_run_t;
+ type avahi_initrc_exec_t;
+ ')
+
+ allow $1 avahi_t:process { ptrace signal_perms };
+ ps_process_pattern($1, avahi_t)
+
+ init_labeled_script_domtrans($1, avahi_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 avahi_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_list_pids($1)
+ admin_pattern($1, avahi_var_run_t)
+')
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 8120ad5..719990a 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
-policy_module(avahi, 1.9.1)
+policy_module(avahi, 1.9.2)
########################################
#
@@ -10,6 +10,12 @@ type avahi_t;
type avahi_exec_t;
init_daemon_domain(avahi_t, avahi_exec_t)
+type avahi_initrc_exec_t;
+init_script_file(avahi_initrc_exec_t)
+
+type avahi_var_lib_t;
+files_pid_file(avahi_var_lib_t)
+
type avahi_var_run_t;
files_pid_file(avahi_var_run_t)
@@ -20,13 +26,17 @@ files_pid_file(avahi_var_run_t)
allow avahi_t self:capability { dac_override setgid chown fowner kill setuid sys_chroot };
dontaudit avahi_t self:capability sys_tty_config;
-allow avahi_t self:process { setrlimit signal_perms setcap };
+allow avahi_t self:process { setrlimit signal_perms getcap setcap };
allow avahi_t self:fifo_file rw_fifo_file_perms;
allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow avahi_t self:unix_dgram_socket create_socket_perms;
allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms;
+manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
+manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
+files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
+
manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
allow avahi_t avahi_var_run_t:dir setattr;
@@ -73,6 +83,7 @@ init_signull_script(avahi_t)
logging_send_syslog_msg(avahi_t)
miscfiles_read_localization(avahi_t)
+miscfiles_read_certs(avahi_t)
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_user_home_dirs(avahi_t)
diff --git a/policy/modules/services/bluetooth.fc b/policy/modules/services/bluetooth.fc
index 3cb34d0..caa9338 100644
--- a/policy/modules/services/bluetooth.fc
+++ b/policy/modules/services/bluetooth.fc
@@ -3,6 +3,9 @@
#
/etc/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_conf_t,s0)
/etc/bluetooth/link_key gen_context(system_u:object_r:bluetooth_conf_rw_t,s0)
+/etc/rc\.d/init\.d/bluetooth -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
#
# /usr
@@ -21,4 +24,6 @@
# /var
#
/var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
+
+/var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)
/var/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0)
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index edf2769..f6028fd 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -152,3 +152,56 @@ interface(`bluetooth_dontaudit_read_helper_state',`
dontaudit $1 bluetooth_helper_t:dir search;
dontaudit $1 bluetooth_helper_t:file { read getattr };
')
+
+########################################
+##
+## All of the rules required to administrate
+## an bluetooth environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the bluetooth domain.
+##
+##
+##
+#
+interface(`bluetooth_admin',`
+ gen_require(`
+ type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
+ type bluetooth_spool_t, bluetooth_var_lib_t, bluetooth_var_run_t;
+ type bluetooth_conf_t, bluetooth_conf_rw_t;
+ type bluetooth_initrc_exec_t;
+ ')
+
+ allow $1 bluetooth_t:process { ptrace signal_perms };
+ ps_process_pattern($1, bluetooth_t)
+
+ init_labeled_script_domtrans($1, bluetooth_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 bluetooth_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_list_tmp($1)
+ admin_pattern($1, bluetooth_tmp_t)
+
+ files_list_var($1)
+ admin_pattern($1, bluetooth_lock_t)
+
+ files_list_etc($1)
+ admin_pattern($1, bluetooth_conf_t)
+ admin_pattern($1, bluetooth_conf_rw_t)
+
+ files_list_spool($1)
+ admin_pattern($1, bluetooth_spool_t)
+
+ files_list_var_lib($1)
+ admin_pattern($1, bluetooth_var_lib_t)
+
+ files_list_pids($1)
+ admin_pattern($1, bluetooth_var_run_t)
+')
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 302dd11..ad014bd 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -1,5 +1,5 @@
-policy_module(bluetooth, 3.0.0)
+policy_module(bluetooth, 3.0.1)
########################################
#
@@ -34,6 +34,9 @@ typealias bluetooth_helper_tmpfs_t alias { auditadm_bluetooth_helper_tmpfs_t sec
files_tmpfs_file(bluetooth_helper_tmpfs_t)
ubac_constrained(bluetooth_helper_tmpfs_t)
+type bluetooth_initrc_exec_t;
+init_script_file(bluetooth_initrc_exec_t)
+
type bluetooth_lock_t;
files_lock_file(bluetooth_lock_t)
@@ -51,14 +54,14 @@ files_pid_file(bluetooth_var_run_t)
# Bluetooth services local policy
#
-allow bluetooth_t self:capability { net_bind_service net_admin net_raw sys_tty_config ipc_lock };
+allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw sys_tty_config ipc_lock };
dontaudit bluetooth_t self:capability sys_tty_config;
allow bluetooth_t self:process { getsched signal_perms };
allow bluetooth_t self:fifo_file rw_fifo_file_perms;
allow bluetooth_t self:shm create_shm_perms;
allow bluetooth_t self:socket create_stream_socket_perms;
allow bluetooth_t self:unix_dgram_socket create_socket_perms;
-allow bluetooth_t self:unix_stream_socket create_stream_socket_perms;
+allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow bluetooth_t self:tcp_socket create_stream_socket_perms;
allow bluetooth_t self:udp_socket create_socket_perms;
@@ -106,6 +109,7 @@ dev_read_sysfs(bluetooth_t)
dev_rw_usbfs(bluetooth_t)
dev_rw_generic_usb_dev(bluetooth_t)
dev_read_urand(bluetooth_t)
+dev_rw_input_dev(bluetooth_t)
fs_getattr_all_fs(bluetooth_t)
fs_search_auto_mountpoints(bluetooth_t)
@@ -124,12 +128,13 @@ files_read_etc_files(bluetooth_t)
files_read_etc_runtime_files(bluetooth_t)
files_read_usr_files(bluetooth_t)
+auth_use_nsswitch(bluetooth_t)
+
logging_send_syslog_msg(bluetooth_t)
miscfiles_read_localization(bluetooth_t)
miscfiles_read_fonts(bluetooth_t)
-
-sysnet_read_config(bluetooth_t)
+miscfiles_read_hwdata(bluetooth_t)
userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
userdom_dontaudit_use_user_terminals(bluetooth_t)
@@ -138,6 +143,10 @@ userdom_dontaudit_search_user_home_dirs(bluetooth_t)
optional_policy(`
dbus_system_bus_client(bluetooth_t)
dbus_connect_system_bus(bluetooth_t)
+
+ optional_policy(`
+ cups_dbus_chat(bluetooth_t)
+ ')
')
optional_policy(`
diff --git a/policy/modules/services/dcc.if b/policy/modules/services/dcc.if
index 80102a7..7073379 100644
--- a/policy/modules/services/dcc.if
+++ b/policy/modules/services/dcc.if
@@ -66,6 +66,24 @@ interface(`dcc_domtrans_client',`
########################################
##
+## Send a signal to the dcc_client.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`dcc_signal_client',`
+ gen_require(`
+ type dcc_client_t;
+ ')
+
+ allow $1 dcc_client_t:process signal;
+')
+
+########################################
+##
## Execute dcc_client in the dcc_client domain, and
## allow the specified role the dcc_client domain.
##
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index baddef3..d49af9a 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -1,5 +1,5 @@
-policy_module(dcc, 1.6.1)
+policy_module(dcc, 1.6.2)
########################################
#
@@ -105,25 +105,20 @@ corenet_udp_sendrecv_all_ports(cdcc_t)
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
+auth_use_nsswitch(cdcc_t)
+
logging_send_syslog_msg(cdcc_t)
miscfiles_read_localization(cdcc_t)
-sysnet_read_config(cdcc_t)
-sysnet_dns_name_resolve(cdcc_t)
-
userdom_use_user_terminals(cdcc_t)
-optional_policy(`
- nscd_socket_use(cdcc_t)
-')
-
########################################
#
# dcc procmail interface local policy
#
-allow dcc_client_t self:capability setuid;
+allow dcc_client_t self:capability { setuid setgid };
allow dcc_client_t self:unix_dgram_socket create_socket_perms;
allow dcc_client_t self:udp_socket create_socket_perms;
@@ -138,6 +133,8 @@ allow dcc_client_t dcc_var_t:dir list_dir_perms;
read_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
read_lnk_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
+kernel_read_system_state(dcc_client_t)
+
corenet_all_recvfrom_unlabeled(dcc_client_t)
corenet_all_recvfrom_netlabel(dcc_client_t)
corenet_udp_sendrecv_generic_if(dcc_client_t)
@@ -147,17 +144,16 @@ corenet_udp_sendrecv_all_ports(dcc_client_t)
files_read_etc_files(dcc_client_t)
files_read_etc_runtime_files(dcc_client_t)
+auth_use_nsswitch(dcc_client_t)
+
logging_send_syslog_msg(dcc_client_t)
miscfiles_read_localization(dcc_client_t)
-sysnet_read_config(dcc_client_t)
-sysnet_dns_name_resolve(dcc_client_t)
-
userdom_use_user_terminals(dcc_client_t)
optional_policy(`
- nscd_socket_use(dcc_client_t)
+ spamassassin_read_spamd_tmp_files(dcc_client_t)
')
########################################
@@ -189,19 +185,14 @@ corenet_udp_sendrecv_all_ports(dcc_dbclean_t)
files_read_etc_files(dcc_dbclean_t)
files_read_etc_runtime_files(dcc_dbclean_t)
+auth_use_nsswitch(dcc_dbclean_t)
+
logging_send_syslog_msg(dcc_dbclean_t)
miscfiles_read_localization(dcc_dbclean_t)
-sysnet_read_config(dcc_dbclean_t)
-sysnet_dns_name_resolve(dcc_dbclean_t)
-
userdom_use_user_terminals(dcc_dbclean_t)
-optional_policy(`
- nscd_socket_use(dcc_dbclean_t)
-')
-
########################################
#
# Server daemon local policy
@@ -259,21 +250,16 @@ files_read_etc_runtime_files(dccd_t)
fs_getattr_all_fs(dccd_t)
fs_search_auto_mountpoints(dccd_t)
+auth_use_nsswitch(dccd_t)
+
logging_send_syslog_msg(dccd_t)
miscfiles_read_localization(dccd_t)
-sysnet_read_config(dccd_t)
-sysnet_dns_name_resolve(dccd_t)
-
userdom_dontaudit_use_unpriv_user_fds(dccd_t)
userdom_dontaudit_search_user_home_dirs(dccd_t)
optional_policy(`
- nscd_socket_use(dccd_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccd_t)
')
@@ -329,21 +315,16 @@ files_read_etc_runtime_files(dccifd_t)
fs_getattr_all_fs(dccifd_t)
fs_search_auto_mountpoints(dccifd_t)
+auth_use_nsswitch(dccifd_t)
+
logging_send_syslog_msg(dccifd_t)
miscfiles_read_localization(dccifd_t)
-sysnet_read_config(dccifd_t)
-sysnet_dns_name_resolve(dccifd_t)
-
userdom_dontaudit_use_unpriv_user_fds(dccifd_t)
userdom_dontaudit_search_user_home_dirs(dccifd_t)
optional_policy(`
- nscd_socket_use(dccifd_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccifd_t)
')
@@ -398,21 +379,16 @@ files_read_etc_runtime_files(dccm_t)
fs_getattr_all_fs(dccm_t)
fs_search_auto_mountpoints(dccm_t)
+auth_use_nsswitch(dccm_t)
+
logging_send_syslog_msg(dccm_t)
miscfiles_read_localization(dccm_t)
-sysnet_read_config(dccm_t)
-sysnet_dns_name_resolve(dccm_t)
-
userdom_dontaudit_use_unpriv_user_fds(dccm_t)
userdom_dontaudit_search_user_home_dirs(dccm_t)
optional_policy(`
- nscd_socket_use(dccm_t)
-')
-
-optional_policy(`
seutil_sigchld_newrole(dccm_t)
')
diff --git a/policy/modules/services/hal.fc b/policy/modules/services/hal.fc
index 130c317..cd17ac5 100644
--- a/policy/modules/services/hal.fc
+++ b/policy/modules/services/hal.fc
@@ -9,6 +9,7 @@
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
/usr/libexec/hald-addon-macbook-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
+/usr/sbin/radeontool -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
@@ -17,7 +18,7 @@
/var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0)
/var/log/pm(/.*)? gen_context(system_u:object_r:hald_log_t,s0)
-/var/log/pm-suspend\.log gen_context(system_u:object_r:hald_log_t,s0)
+/var/log/pm-.*\.log gen_context(system_u:object_r:hald_log_t,s0)
/var/run/hald(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
/var/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
diff --git a/policy/modules/services/hal.if b/policy/modules/services/hal.if
index e95a24c..43c653c 100644
--- a/policy/modules/services/hal.if
+++ b/policy/modules/services/hal.if
@@ -20,6 +20,45 @@ interface(`hal_domtrans',`
########################################
##
+## Get the attributes of a hal process.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`hal_getattr',`
+ gen_require(`
+ type hald_t;
+ ')
+
+ allow $1 hald_t:process getattr;
+')
+
+########################################
+##
+## Read hal system state
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`hal_read_state',`
+ gen_require(`
+ type hald_t;
+ ')
+
+ allow $1 hald_t:dir list_dir_perms;
+ read_files_pattern($1, hald_t, hald_t)
+ read_lnk_files_pattern($1, hald_t, hald_t)
+ dontaudit $1 hald_t:process ptrace;
+')
+
+########################################
+##
## Allow ptrace of hal domain
##
##
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index 3e49a36..04ec5ae 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal, 1.10.1)
+policy_module(hal, 1.10.2)
########################################
#
@@ -297,6 +297,10 @@ optional_policy(`
vbetool_domtrans(hald_t)
')
+optional_policy(`
+ virt_manage_images(hald_t)
+')
+
########################################
#
# Hal acl local policy
@@ -338,6 +342,8 @@ storage_setattr_removable_dev(hald_acl_t)
auth_use_nsswitch(hald_acl_t)
+logging_send_syslog_msg(hald_acl_t)
+
miscfiles_read_localization(hald_acl_t)
########################################
@@ -345,6 +351,8 @@ miscfiles_read_localization(hald_acl_t)
# Local hald mac policy
#
+allow hald_mac_t self:capability { setgid setuid };
+
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
@@ -353,6 +361,8 @@ manage_dirs_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_mac_t)
+write_files_pattern(hald_mac_t, hald_log_t, hald_log_t)
+
kernel_read_system_state(hald_mac_t)
dev_read_raw_memory(hald_mac_t)
@@ -360,6 +370,9 @@ dev_write_raw_memory(hald_mac_t)
dev_read_sysfs(hald_mac_t)
files_read_usr_files(hald_mac_t)
+files_read_etc_files(hald_mac_t)
+
+auth_use_nsswitch(hald_mac_t)
miscfiles_read_localization(hald_mac_t)
@@ -379,6 +392,8 @@ manage_dirs_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
+write_files_pattern(hald_sonypic_t, hald_log_t, hald_log_t)
+
files_read_usr_files(hald_sonypic_t)
miscfiles_read_localization(hald_sonypic_t)
@@ -396,12 +411,10 @@ manage_dirs_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
+write_files_pattern(hald_keymap_t, hald_log_t, hald_log_t)
+
dev_rw_input_dev(hald_keymap_t)
files_read_usr_files(hald_keymap_t)
miscfiles_read_localization(hald_keymap_t)
-
-# This is caused by a bug in hald and PolicyKit.
-# Should be removed when this is fixed
-#cron_read_system_job_lib_files(hald_t)