From 59a36a9af02f67b9542922d6ab06586a42b2be2a Mon Sep 17 00:00:00 2001 From: Laurent Bigonville Date: Thu, 3 Dec 2015 17:14:08 +0100 Subject: Allow the user cronjobs to run in their userdomain When cron_userdomain_transition boolean is set to on, the user cronjobs are supposed to run in their domains. Without this patch the default context is not properly computed: $ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0 /usr/sbin/getdefaultcon: Invalid argument $ /usr/sbin/getdefaultcon staff_u system_u:system_r:crond_t:s0 staff_u:sysadm_r:sysadm_t:s0 With this patch applied: $ /usr/sbin/getdefaultcon user_u system_u:system_r:crond_t:s0 user_u:user_r:user_t:s0 $ /usr/sbin/getdefaultcon staff_ system_u:system_r:crond_t:s0 staff_u:staff_r:staff_t:s0 --- config/appconfig-mcs/default_contexts | 2 +- config/appconfig-mcs/staff_u_default_contexts | 2 +- config/appconfig-mcs/user_u_default_contexts | 2 +- config/appconfig-mls/default_contexts | 2 +- config/appconfig-mls/staff_u_default_contexts | 2 +- config/appconfig-mls/user_u_default_contexts | 2 +- config/appconfig-standard/default_contexts | 2 +- config/appconfig-standard/staff_u_default_contexts | 2 +- config/appconfig-standard/user_u_default_contexts | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) (limited to 'config') diff --git a/config/appconfig-mcs/default_contexts b/config/appconfig-mcs/default_contexts index 0bb7393db..6d2e4070a 100644 --- a/config/appconfig-mcs/default_contexts +++ b/config/appconfig-mcs/default_contexts @@ -1,4 +1,4 @@ -system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:crond_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 system_r:atd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mcs/staff_u_default_contexts b/config/appconfig-mcs/staff_u_default_contexts index d230e08a4..5606c4ea6 100644 --- a/config/appconfig-mcs/staff_u_default_contexts +++ b/config/appconfig-mcs/staff_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 system_r:remote_login_t:s0 staff_r:staff_t:s0 system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 -system_r:crond_t:s0 staff_r:cronjob_t:s0 staff_r:staff_t:s0 +system_r:crond_t:s0 staff_r:staff_t:s0 staff_r:cronjob_t:s0 system_r:xdm_t:s0 staff_r:staff_t:s0 staff_r:staff_su_t:s0 staff_r:staff_t:s0 staff_r:staff_sudo_t:s0 staff_r:staff_t:s0 diff --git a/config/appconfig-mcs/user_u_default_contexts b/config/appconfig-mcs/user_u_default_contexts index 78d234e48..56d6071c2 100644 --- a/config/appconfig-mcs/user_u_default_contexts +++ b/config/appconfig-mcs/user_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t:s0 user_r:user_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 system_r:sshd_t:s0 user_r:user_t:s0 -system_r:crond_t:s0 user_r:cronjob_t:s0 user_r:user_t:s0 +system_r:crond_t:s0 user_r:user_t:s0 user_r:cronjob_t:s0 system_r:xdm_t:s0 user_r:user_t:s0 user_r:user_su_t:s0 user_r:user_t:s0 user_r:user_sudo_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mls/default_contexts b/config/appconfig-mls/default_contexts index 0bb7393db..6d2e4070a 100644 --- a/config/appconfig-mls/default_contexts +++ b/config/appconfig-mls/default_contexts @@ -1,4 +1,4 @@ -system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:crond_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 system_r:atd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mls/staff_u_default_contexts b/config/appconfig-mls/staff_u_default_contexts index d230e08a4..5606c4ea6 100644 --- a/config/appconfig-mls/staff_u_default_contexts +++ b/config/appconfig-mls/staff_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 system_r:remote_login_t:s0 staff_r:staff_t:s0 system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 -system_r:crond_t:s0 staff_r:cronjob_t:s0 staff_r:staff_t:s0 +system_r:crond_t:s0 staff_r:staff_t:s0 staff_r:cronjob_t:s0 system_r:xdm_t:s0 staff_r:staff_t:s0 staff_r:staff_su_t:s0 staff_r:staff_t:s0 staff_r:staff_sudo_t:s0 staff_r:staff_t:s0 diff --git a/config/appconfig-mls/user_u_default_contexts b/config/appconfig-mls/user_u_default_contexts index 78d234e48..56d6071c2 100644 --- a/config/appconfig-mls/user_u_default_contexts +++ b/config/appconfig-mls/user_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t:s0 user_r:user_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 system_r:sshd_t:s0 user_r:user_t:s0 -system_r:crond_t:s0 user_r:cronjob_t:s0 user_r:user_t:s0 +system_r:crond_t:s0 user_r:user_t:s0 user_r:cronjob_t:s0 system_r:xdm_t:s0 user_r:user_t:s0 user_r:user_su_t:s0 user_r:user_t:s0 user_r:user_sudo_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts index 7aeba7097..fcc65d670 100644 --- a/config/appconfig-standard/default_contexts +++ b/config/appconfig-standard/default_contexts @@ -1,4 +1,4 @@ -system_r:crond_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t +system_r:crond_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t system_r:atd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts index 78a4792a3..300694ce8 100644 --- a/config/appconfig-standard/staff_u_default_contexts +++ b/config/appconfig-standard/staff_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t system_r:remote_login_t staff_r:staff_t system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t -system_r:crond_t staff_r:cronjob_t staff_r:staff_t +system_r:crond_t staff_r:staff_t staff_r:cronjob_t system_r:xdm_t staff_r:staff_t staff_r:staff_su_t staff_r:staff_t staff_r:staff_sudo_t staff_r:staff_t diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts index 33ec3a174..63b7eecd1 100644 --- a/config/appconfig-standard/user_u_default_contexts +++ b/config/appconfig-standard/user_u_default_contexts @@ -1,7 +1,7 @@ system_r:local_login_t user_r:user_t system_r:remote_login_t user_r:user_t system_r:sshd_t user_r:user_t -system_r:crond_t user_r:cronjob_t user_r:user_t +system_r:crond_t user_r:user_t user_r:cronjob_t system_r:xdm_t user_r:user_t user_r:user_su_t user_r:user_t user_r:user_sudo_t user_r:user_t -- cgit v1.2.3-65-gdbad