commit: bdd606c36e4b163f5dee262d0c450a74efcd208c
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Fri Feb 24 01:03:08 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 25 14:50:53 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bdd606c3
Systemd fixes from Russell Coker.
policy/modules/contrib/cron.if | 19 +++++++++++++++++++
policy/modules/contrib/cron.te | 2 +-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/cron.if b/policy/modules/contrib/cron.if
index c6dec2c3..6737f53c 100644
--- a/policy/modules/contrib/cron.if
+++ b/policy/modules/contrib/cron.if
@@ -686,6 +686,25 @@ interface(`cron_use_system_job_fds',`
########################################
## <summary>
+## Create, read, write, and delete the system spool.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cron_manage_system_spool',`
+ gen_require(`
+ type cron_system_spool_t;
+ ')
+
+ files_search_spool($1)
+ manage_files_pattern($1, cron_system_spool_t, cron_system_spool_t)
+')
+
+########################################
+## <summary>
## Read system cron job lib files.
## </summary>
## <param name="domain">
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
index 905deb16..3513e1f2 100644
--- a/policy/modules/contrib/cron.te
+++ b/policy/modules/contrib/cron.te
@@ -1,4 +1,4 @@
-policy_module(cron, 2.11.0)
+policy_module(cron, 2.11.1)
gen_require(`
class passwd rootok;
