Re: crond and /usr/bin/run-parts

[Fritz Elfert <fritz elfert millenux com>]

After you mentioned run_init, i read it's manpage and tried "run_init 
service crond restart". Didn't work out of the box, but that was an easy 
one. Just added the following into my local.te:

allow run_init_t sbin_t:file { read execute };

Now i can manually restart services properly with "run_init service 
whatever restart". Probably, /sbin/service should get a dedicated 
attribute instead of just system_u:object_r:sbin_t. Then one could have a 
more tighten rule describing what run_init_t is allowd to execute.

Ciao
 -Fritz

On Thu, 27 May 2004, Stephen Smalley wrote:

> On Thu, 2004-05-27 at 14:00, Fritz Elfert wrote:
> > Thanks a lot, that did the trick.
> 
> Good.  I think we have to make a change to policy/constraints in the
> policy sources to avoid the problem in the future, as the crond process
> will revert to root:system_r:crond_t if you restart it by hand again
> without using runcon or run_init.
> 
> 

-- 
Fritz Elfert <fritz elfert millenux com>                     Millenux GmbH
Lilienthalstr. 2                                  Phone: +49 711 88770 400
70825 Stuttgart                                     FAX: +49 711 88770 449
--------------------------------------------------------------------------