on one of my servers (running CentOS 5.4) is a cron job installed by
default which checks the status of my software array on a weekly base.
The script is the following: /etc/cron.weekly/99-raid-check (is shipped
Having a look at other cron jobs most run as bin_t and call a binary
e.g. logrotate or whatever and do a simple domtrans. The raid check
script only uses basic commands like if/grep/cat and so on. What would
be the best way to write a policy for such a script with the interest to
get it included into RHEL/Fedora or maybe even refpolicy (Chris: Is this
even interesting for refpolicy or should we exclude such tiny policies
because this one seems to be shipped only by RHEL/Fedora).
Just to make it precise: What would be the best way to write a policy
for such tiny cron job? I suppose it would be cron_system_entry()
because prelink uses it and has its own type. All others I have seen are
fedora-selinux-list mailing list