From e62996c9aab7fe97a82be039d9ed3cb2cb90f05b Mon Sep 17 00:00:00 2001 From: Henrik Grindal Bakken Date: Tue, 15 Oct 2024 12:09:49 +0200 Subject: [PATCH] cron: Remove too greedy file context grab This regexp will match lots of unintended files, for example things created by tempfile patterns (could include "cron"), and also things inside subdirectories. It feels like a better approach would be to find actual directories used, or at the very least to limit it to files directly under /run. Signed-off-by: Henrik Grindal Bakken --- policy/modules/services/cron.fc | 1 - 1 file changed, 1 deletion(-) diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc index 827363d888..e71ad22c19 100644 --- a/policy/modules/services/cron.fc +++ b/policy/modules/services/cron.fc @@ -35,7 +35,6 @@ /run/cron(d)?\.reboot -- gen_context(system_u:object_r:crond_runtime_t,s0) /run/fcron\.fifo -s gen_context(system_u:object_r:crond_runtime_t,s0) /run/fcron\.pid -- gen_context(system_u:object_r:crond_runtime_t,s0) -/run/.*cron.* -- gen_context(system_u:object_r:crond_runtime_t,s0) /var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0)
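Review bot: The deletion of `/run/.*cron.* --` is not accompanied by a list of the files that were relying on it, so it is not possible to tell from this hunk whether every cron runtime file still receives `crond_runtime_t`. The only `/run` entries visible in the surrounding context are `/run/cron(d)?\.reboot`, `/run/fcron\.fifo` and `/run/fcron\.pid`. The commit message itself says the better approach would be to find the actual directories used, but the patch only removes the pattern. Please state in the commit message which cron implementations were checked and which paths they create under `/run`, and add explicit entries in this same patch for any that the remaining lines do not cover. If the paths cannot be enumerated, the narrower fallback the message mentions (files directly under `/run`) could be written as `/run/[^/]*cron[^/]* -- gen_context(system_u:object_r:crond_runtime_t,s0)`. That form drops the subdirectory matches but still catches tempfile names containing "cron", so explicit entries remain preferable.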