diff options
| author |   Henrik Grindal Bakken <henribak@cisco.com> | 2024-10-15 12:09:49 +0200 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2024-12-14 16:16:11 -0800 |
| commit | 7b9ed137b6acc4b35b3203fc9e1761cbcd4193ae (patch) | |
| tree | 77488a890442a69a5d53e124e68a5c5adf0f8c4c /policy | |
| parent | build-userspace/setools.yml: Cache built userspace. (diff) | |
| download | hardened-refpolicy-7b9ed137b6acc4b35b3203fc9e1761cbcd4193ae.tar.gz hardened-refpolicy-7b9ed137b6acc4b35b3203fc9e1761cbcd4193ae.tar.bz2 hardened-refpolicy-7b9ed137b6acc4b35b3203fc9e1761cbcd4193ae.zip | |
cron: Remove too greedy file context grab
This regexp will match lots of unintended files, for example things
created by tempfile patterns (could include "cron"), and also things
inside subdirectories.
It feels like a better approach would be to find actual directories
used, or at the very least to limit it to files directly under /run.
Signed-off-by: Henrik Grindal Bakken <henribak@cisco.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy')
| -rw-r--r-- | policy/modules/services/cron.fc | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc index ee64e81e4..e8a8966bc 100644 --- a/policy/modules/services/cron.fc +++ b/policy/modules/services/cron.fc @@ -33,7 +33,6 @@ /run/cron(d)?\.reboot -- gen_context(system_u:object_r:crond_runtime_t,s0) /run/fcron\.fifo -s gen_context(system_u:object_r:crond_runtime_t,s0) /run/fcron\.pid -- gen_context(system_u:object_r:crond_runtime_t,s0) -/run/.*cron.* -- gen_context(system_u:object_r:crond_runtime_t,s0) /var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) |