Hi Russell, Russell Coker wrote: > Package: cron > Version: 3.0pl1-105 > Severity: normal > > The "crontab -u" command allows the sysadmin to edit the crontab file for > another user. > > If it is run as unconfined_t or sysadm_t (really the -u option shouldn't work > otherwise) then there should be an option to specify a SE Linux context > for the user and the crontab program should determine the default role for > the user in question. Then the crontab file can be created with the correct > context to allow a cron job to be run. > > Currently if "crontab -u" is used to create a new spool file for a user with > a different role then cron will refuse to run it. > > PS I plan to write the patch to do this myself. Please remind me if I > haven't > attached a patch in a few weeks.
If you are still willing to do this and you have the time available, a patch would be much appreciated. In any case, seeing as you and Manoj contributed all of the SELinux features in cron, you might be interested in the current state of the patch, from the 3.0 (quilt) branch: http://svn.debian.org/wsvn/pkg-cron/branches/sf3/debian/patches/features/selinux-support Regards, Christian -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
