Allow the user cronjobs to run in their userdomain

When cron_userdomain_transition boolean is set to on, the user cronjobs are supposed to run in their domains. Without this patch the default context is not properly computed: $ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0 /usr/sbin/getdefaultcon: Invalid argument $ /usr/sbin/getdefaultcon staff_u system_u:system_r:crond_t:s0 staff_u:sysadm_r:sysadm_t:s0 With this patch applied: $ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0 user_u:user_r:user_t:s0 $ /usr/sbin/getdefaultcon staff_ system_u:system_r:crond_t:s0 staff_u:staff_r:staff_t:s0
author: Laurent Bigonville <bigon@bigon.be> 2015-12-03 17:14:08 +0100
committer: Jason Zaman <jason@perfinion.com> 2015-12-17 23:25:22 +0800
commit: 59a36a9af02f67b9542922d6ab06586a42b2be2a (patch)
tree: f939accc435afdbfd919e9f9a730553a5420e63a /config
parent: Module version bump for utempter Debian helper from Laurent Bigonville. (diff)
download: hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.gz
hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.bz2
hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.zip
9 files changed, 9 insertions, 9 deletions
diff --git a/config/appconfig-mcs/default_contexts b/config/appconfig-mcs/default_contexts
index 0bb7393d..6d2e4070 100644
--- a/config/appconfig-mcs/default_contexts
+++ b/config/appconfig-mcs/default_contexts
@@ -1,4 +1,4 @@
-system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
+system_r:crond_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 system_r:atd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
diff --git a/config/appconfig-mcs/staff_u_default_contexts b/config/appconfig-mcs/staff_u_default_contexts
index d230e08a..5606c4ea 100644
--- a/config/appconfig-mcs/staff_u_default_contexts
+++ b/config/appconfig-mcs/staff_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 system_r:remote_login_t:s0	staff_r:staff_t:s0
 system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-system_r:crond_t:s0		staff_r:cronjob_t:s0 staff_r:staff_t:s0
+system_r:crond_t:s0		staff_r:staff_t:s0 staff_r:cronjob_t:s0
 system_r:xdm_t:s0		staff_r:staff_t:s0
 staff_r:staff_su_t:s0		staff_r:staff_t:s0
 staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
diff --git a/config/appconfig-mcs/user_u_default_contexts b/config/appconfig-mcs/user_u_default_contexts
index 78d234e4..56d6071c 100644
--- a/config/appconfig-mcs/user_u_default_contexts
+++ b/config/appconfig-mcs/user_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t:s0	user_r:user_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0
 system_r:sshd_t:s0		user_r:user_t:s0
-system_r:crond_t:s0		user_r:cronjob_t:s0 user_r:user_t:s0
+system_r:crond_t:s0		user_r:user_t:s0 user_r:cronjob_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0
 user_r:user_su_t:s0		user_r:user_t:s0
 user_r:user_sudo_t:s0		user_r:user_t:s0
diff --git a/config/appconfig-mls/default_contexts b/config/appconfig-mls/default_contexts
index 0bb7393d..6d2e4070 100644
--- a/config/appconfig-mls/default_contexts
+++ b/config/appconfig-mls/default_contexts
@@ -1,4 +1,4 @@
-system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
+system_r:crond_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
 system_r:atd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
diff --git a/config/appconfig-mls/staff_u_default_contexts b/config/appconfig-mls/staff_u_default_contexts
index d230e08a..5606c4ea 100644
--- a/config/appconfig-mls/staff_u_default_contexts
+++ b/config/appconfig-mls/staff_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 system_r:remote_login_t:s0	staff_r:staff_t:s0
 system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-system_r:crond_t:s0		staff_r:cronjob_t:s0 staff_r:staff_t:s0
+system_r:crond_t:s0		staff_r:staff_t:s0 staff_r:cronjob_t:s0
 system_r:xdm_t:s0		staff_r:staff_t:s0
 staff_r:staff_su_t:s0		staff_r:staff_t:s0
 staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
diff --git a/config/appconfig-mls/user_u_default_contexts b/config/appconfig-mls/user_u_default_contexts
index 78d234e4..56d6071c 100644
--- a/config/appconfig-mls/user_u_default_contexts
+++ b/config/appconfig-mls/user_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t:s0	user_r:user_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0
 system_r:sshd_t:s0		user_r:user_t:s0
-system_r:crond_t:s0		user_r:cronjob_t:s0 user_r:user_t:s0
+system_r:crond_t:s0		user_r:user_t:s0 user_r:cronjob_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0
 user_r:user_su_t:s0		user_r:user_t:s0
 user_r:user_sudo_t:s0		user_r:user_t:s0
diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts
index 7aeba709..fcc65d67 100644
--- a/config/appconfig-standard/default_contexts
+++ b/config/appconfig-standard/default_contexts
@@ -1,4 +1,4 @@
-system_r:crond_t	user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t
+system_r:crond_t	user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t
 system_r:atd_t		user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
 system_r:local_login_t	user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
 system_r:remote_login_t	user_r:user_t staff_r:staff_t unconfined_r:unconfined_t
diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts
index 78a4792a..300694ce 100644
--- a/config/appconfig-standard/staff_u_default_contexts
+++ b/config/appconfig-standard/staff_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t		staff_r:staff_t sysadm_r:sysadm_t
 system_r:remote_login_t		staff_r:staff_t
 system_r:sshd_t			staff_r:staff_t sysadm_r:sysadm_t
-system_r:crond_t		staff_r:cronjob_t staff_r:staff_t
+system_r:crond_t		staff_r:staff_t staff_r:cronjob_t
 system_r:xdm_t			staff_r:staff_t
 staff_r:staff_su_t		staff_r:staff_t
 staff_r:staff_sudo_t		staff_r:staff_t
diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts
index 33ec3a17..63b7eecd 100644
--- a/config/appconfig-standard/user_u_default_contexts
+++ b/config/appconfig-standard/user_u_default_contexts
@@ -1,7 +1,7 @@
 system_r:local_login_t		user_r:user_t
 system_r:remote_login_t		user_r:user_t
 system_r:sshd_t			user_r:user_t
-system_r:crond_t		user_r:cronjob_t user_r:user_t
+system_r:crond_t		user_r:user_t user_r:cronjob_t
 system_r:xdm_t			user_r:user_t
 user_r:user_su_t		user_r:user_t
 user_r:user_sudo_t		user_r:user_t
author	Laurent Bigonville <bigon@bigon.be>	2015-12-03 17:14:08 +0100
committer	Jason Zaman <jason@perfinion.com>	2015-12-17 23:25:22 +0800
commit	59a36a9af02f67b9542922d6ab06586a42b2be2a (patch)
tree	f939accc435afdbfd919e9f9a730553a5420e63a /config
parent	Module version bump for utempter Debian helper from Laurent Bigonville. (diff)
download	hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.gz hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.tar.bz2 hardened-refpolicy-59a36a9af02f67b9542922d6ab06586a42b2be2a.zip