[DSE-Dev] Bug#679277: selinux-policy-default: cronjob_t is not a suitable domain for cron jobs
Russell Coker
russell at coker.com.au
Wed Jun 27 14:56:50 UTC 2012
Package: selinux-policy-default
Version: 2:2.20110726-4
Severity: important
Currently the domain cronjob_t is used for all user cron jobs. This breaks
separation between roles and also doesn't permit the cron jobs to perform
expected tasks such as managing files under a user home directory.
Cron jobs for user_t should run as user_t.
More information about the SELinux-devel
mailing list