Written by: Martin Orr
Allow /etc/cron.daily/standard to use /var/lock/cron.daily
type=SYSCALL msg=audit(1311156877.301:22): arch=c000003e syscall=2 success=no exit=-13 a0=d64928 a1=241 a2=1b6 a3=0 items=0 ppid=3782 pid=3961 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="standard" exe="/bin/dash" subj=system_u:system_r:backup_t:s0 key=(null)
type=AVC msg=audit(1311156877.301:22): avc: denied { write } for pid=3961 comm="standard" name="lock" dev=tmpfs ino=414 scontext=system_u:system_r:backup_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
Index: policy/modules/admin/backup.te
===================================================================
--- policy/modules/admin/backup.te.orig
+++ policy/modules/admin/backup.te
@@ -14,6 +14,9 @@
 type backup_store_t;
 files_type(backup_store_t)
+type backup_lock_t;
+files_lock_file(backup_lock_t)
+
 ########################################
 #
 # Local policy
@@ -30,6 +33,9 @@
 rw_files_pattern(backup_t, backup_store_t, backup_store_t)
 read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t)
+allow backup_t backup_lock_t:file manage_file_perms;
+files_lock_filetrans(backup_t, backup_lock_t, file)
+
 kernel_read_system_state(backup_t)
 kernel_read_kernel_sysctls(backup_t)
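Review bot: The new `backup_lock_t` declaration in the first hunk has no matching file-context entry, at least in the part of the patch visible here, which touches only backup.te. The label therefore exists only through the type transition added in the second hunk, so a relabel, or a lock file that was already created as `var_lock_t`, would leave backup_t denied again. I would add a line to the module's .fc file such as `/var/lock/cron\.daily -- gen_context(system_u:object_r:backup_lock_t,s0)`, and a one-line comment above the declaration, `# Lock file taken by /etc/cron.daily/standard`.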
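Review bot: `files_lock_filetrans(backup_t, backup_lock_t, file)` in the second hunk is not tied to one file name, so every regular file backup_t creates in a `var_lock_t` directory is labelled `backup_lock_t`; a comment such as `# cron.daily/standard creates its lock file directly in the lock directory` would record why that scope is intended. The quoted AVC shows only the first denial (`write` on the directory), so the file permissions granted by `allow backup_t backup_lock_t:file manage_file_perms;` appear to be inferred rather than observed. `manage_file_perms` also covers rename, link and setattr, so it is worth confirming in enforcing mode that no further denials appear and checking whether a narrower permission set is enough for the lock file. The local policy block continues outside the hunk.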