From Debian package 0.2.20100524-7 0031-some-changes-in-cron-policy-for-debian-and-small-fix.patch (part of) * Allow crontab_t to create a directory of type crontab_tmp_t, necessary to allow crontab -e to work
Index: policy/modules/contrib/cron.if
===================================================================
--- policy/modules/contrib/cron.if.orig
+++ policy/modules/contrib/cron.if
@@ -34,7 +34,8 @@
 allow $1_t self:fifo_file rw_fifo_file_perms;
 allow $1_t $1_tmp_t:file manage_file_perms;
- files_tmp_filetrans($1_t, $1_tmp_t, file)
+ allow $1_t $1_tmp_t:dir manage_dir_perms;
+ files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
 # create files in /var/spool/cron
 manage_files_pattern($1_t, { cron_spool_t user_cron_spool_t }, user_cron_spool_t)
@@ -206,7 +207,7 @@
 class passwd crontab;
 ')
- role $1 types { cronjob_t admin_crontab_t admin_crontab_tmp_t };
+ role $1 types { cronjob_t admin_crontab_t };
 # cronjob shows up in user ps
 ps_process_pattern($2, cronjob_t)
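Review bot: The two lines added in the first hunk are written against `$1_t` and `$1_tmp_t`, so every domain built from this block gains `manage_dir_perms` on its tmp type and a `dir` transition in the tmp directory, while the description names only crontab_t and `crontab -e`. It is worth confirming that each instantiation needs directory creation, since the grant is wider than the stated use case. The reason also lives only in the patch header; a comment above the rules would keep it in the policy, for example `# crontab -e needs to create a directory of type $1_tmp_t in the tmp dir`. The enclosing block starts and ends outside the hunk, so which domains instantiate it cannot be seen from here.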