use fcron as default scheduler in Fedora?

Steve Grubb sgrubb at redhat.com
Tue Dec 23 14:45:54 UTC 2008


On Monday 22 December 2008 09:13:05 am Alain PORTAL wrote:
> > I think that fcron should be the default scheduler in fedora.
> > fcron, with the service fcron_watch_config activated should now be
> > 100% compatible with vixie-cron (cronie). The fcron_watch_config stuff
> > is a bit convoluted (3 scripts and one C program...) but should work.
> >
> > The advantages over cronie are the following:
> > * it also does what anacron does
> > * it has more features
> > * instead of waking up every minute to look at config files, like
> >   cronie does, it uses inotify to watch the config. This should lead to
> >   less awaking and certainly be interesting for power saving in some
> >   situations

There are some disadvantages, too.

1) It does not support polyinstantiation - needed for MLS
2) It also does not send audit events based on denying a cron job.
3) Its PAM settings do not support the audit system out of the box.
4) Its default PAM settings need alignment with vixie-cron in general.

It would appear to not have had security reviews like vixie-cron has. In a few
minutes I found what appears to be a potentially serious security problem.
I reported it upstream last week and have had no reply at all. I have not done a
full code review like I would for our cert efforts, so there may be more
problems waiting.


> Do you intend to package fcron for EPEL?

You have to be careful switching out core pieces of software that perform a
security-sensitive role. The lack of attacks on most of Fedora is due to
years of review and feedback on code.

-Steve



