Hi,
> Considering that, with exceptions, all cron jobs are run as root, this
> would then mean that every cron job would have to do a cd / first so it
> can do anything. That is clearly unreasonable. SELinux needs to be
> fixed or there will be plenty of problems like this.
I think there is a "dontaudit" in the policy because of that for some
time now.
But actually you might WANT to know when some process is trying to
access /root when it's not supposed to do so.
And the cron jobs clearly should not access /root which may contain
things such as /root/.ssh/authorized_keys which for example is worth
protecting. Maybe even
.netrc or something which contains some password, if the admin is
careless.
I don't see much wrong with the root cronjobs using HOME=/ per default.
I mean, it's not the home directory of the cronjob, is it?
best regards,
Erich Schubert
--
erich@(vitavonni.de|debian.org) -- GPG Key ID: 4B3A135C (o_
It's not denial. I'm just selective about the reality I accept. //\
Wer keine Zeit mehr mit echten Freunden verbringt, der wird bald V_/_
sein Gleichgewicht verlieren. --- Michael Levine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
