How to handle cron jobs?
Stefan Schulze Frielinghaus
stefan at seekline.net
Thu Dec 31 13:16:51 UTC 2009
Hi all,
on one of my servers (running CentOS 5.4) is a cron job installed by
default which checks the status of my software array on a weekly base.
The script is the following: /etc/cron.weekly/99-raid-check (is shipped
via mdadm)
Having a look at other cron jobs most run as bin_t and call a binary
e.g. logrotate or whatever and do a simple domtrans. The raid check
script only uses basic commands like if/grep/cat and so on. What would
be the best way to write a policy for such a script with the interest to
get it included into RHEL/Fedora or maybe even refpolicy (Chris: Is this
even interesting for refpolicy or should we exclude such tiny policies
because this one seems to be shipped only by RHEL/Fedora).
Just to make it precise: What would be the best way to write a policy
for such tiny cron job? I suppose it would be cron_system_entry()
because prelink uses it and has its own type. All others I have seen are
using domtrans().
cheers,
Stefan
More information about the fedora-selinux-list
mailing list