[DSE-Dev] at: Needs SE Linux support
Laurent Bigonville
bigon at debian.org
Sat Mar 15 17:00:41 UTC 2014
Hi,
Please find attached here a patch that add SELinux support for at. This
is a slightly modified version of the fedora patch[0]. The only
modifications are to autofoo files to fix a FTBFS and to make it apply
cleanly.
I've tested it and now at reproduces the cron behavior:
- When cron_userdomain_transition is set to off, a process for an
unconfined user will transition to unconfined_cronjob_t. For confined
user, the job is run as cronjob_t.
- When cron_userdomain_transition is set to on, the processes are run
under the user default context.
Please note that this patch is not setting the context before calling
sendmail as by default it will transition to system_mail_t anyway.
Cheers,
Laurent Bigonville
[0]http://pkgs.fedoraproject.org/cgit/at.git/tree/at-3.1.14-selinux.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 510466.patch
Type: text/x-patch
Size: 5119 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140315/fb1fc602/attachment.bin>
More information about the SELinux-devel
mailing list