From da07ef512a6d790eb817d6095ac26404fc2de08d Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@fedoraproject.org>
Date: Feb 13 2009 14:09:57 +0000
Subject: - Allow cron read/write to system job pipes


---

diff --git a/policy-20071130.patch b/policy-20071130.patch
index e9a1dde..fe47c39 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -642246,7 +642246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
  ##	all protocols (TCP, UDP, etc)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-02-13 14:52:09.000000000 +0100
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -642278,7 +642278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
  allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
  
  # act on all domains keys
-@@ -148,3 +156,40 @@
+@@ -148,3 +156,41 @@
  
  # receive from all domains over labeled networking
  domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -642291,6 +642291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +optional_policy(`
 +	cron_dontaudit_write_system_job_tmp_files(domain)
 +	cron_rw_pipes(domain)
++	cron_rw_system_job_pipes(domain)
 +ifdef(`hide_broken_symptoms', `
 +	cron_dontaudit_rw_tcp_sockets(domain)
 +	allow domain domain:key { link search };
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6fd95d4..af3b92f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 122%{?dist}
+Release: 123%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Feb 13 2009 Miroslav Grepl <mgrepl@redhat.com> 3.3.1-123
+- Allow cron read/write to system job pipes
+
 * Fri Feb 13 2009 Miroslav Grepl <mgrepl@redhat.com> 3.3.1-122
 - Fix mysql policy
 - Fix qemu policy