Written by: Martin Orr Allow cron to read /proc/1/limits This is done by pam_limits since pam 1.1.2-3 (Debian/Ubuntu patch). type=SYSCALL msg=audit(1304857021.697:28): arch=c000003e syscall=2 success=no exit=-13 a0=7f14b63c82a3 a1=0 a2=1b6 a3=0 items=0 ppid=2634 pid=5465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cron" exe="/usr/sbin/cron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1304857021.697:28): avc: denied { search } for pid=5465 comm="cron" name="1" dev=proc ino=2348 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=dir Index: policy/modules/services/cron.te =================================================================== --- policy/modules/services/cron.te.orig +++ policy/modules/services/cron.te @@ -203,6 +203,7 @@ files_search_var_lib(crond_t) files_search_default(crond_t) +init_read_state(crond_t) init_rw_utmp(crond_t) init_spec_domtrans_script(crond_t)
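Review bot: The added line `init_read_state(crond_t)` at the top of the init_* group is justified in the description by only one AVC, a denied { search } on the /proc/1 directory (tcontext init_t, tclass=dir), and nothing in the log shows the file read on /proc/1/limits that a read-state interface is there to permit. Because the denial was enforced (success=no, exit=-13), the open stopped at the directory lookup and the next denial never appeared; capturing the audit output from a permissive-mode run and adding the resulting file-class AVC to the description would show that the read is needed and that the access granted matches what cron actually does. The description also attributes the access to pam_limits rather than to cron itself, so it is worth stating whether other PAM-using domains hit the same denial and whether the rule belongs in a shared PAM-related interface instead of cron.te alone. A short comment above the new line saying that the access is for pam_limits reading /proc/1/limits would keep the reason visible in the policy source.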