Skip to content

Commit

Permalink
cron: Remove too greedy file context grab
Browse files Browse the repository at this point in the history 
This regexp will match lots of unintended files, for example things
created by tempfile patterns (could include "cron"), and also things
inside subdirectories.

It feels like a better approach would be to find actual directories
used, or at the very least to limit it to files directly under /run.

Signed-off-by: Henrik Grindal Bakken <[email protected]>
  • Loading branch information
@henribak-te
henribak-te committed Oct 15, 2024
1 parent 3d0b229 commit e62996c
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion policy/modules/services/cron.fc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
/run/cron(d)?\.reboot -- gen_context(system_u:object_r:crond_runtime_t,s0)
/run/fcron\.fifo -s gen_context(system_u:object_r:crond_runtime_t,s0)
/run/fcron\.pid -- gen_context(system_u:object_r:crond_runtime_t,s0)
/run/.*cron.* -- gen_context(system_u:object_r:crond_runtime_t,s0)

/var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0)
Expand Down

0 comments on commit e62996c

Please sign in to comment.