use fcron as default scheduler in Fedora?
Steve Grubb
sgrubb at redhat.com
Tue Dec 23 14:45:54 UTC 2008
On Monday 22 December 2008 09:13:05 am Alain PORTAL wrote:
> > I think that fcron should be the default scheduler in fedora.
> > fcron, with the service fcron_watch_config activated should now be
> > 100% compatible with vixie-cron (cronie). The fcron_watch_config stuff
> > is a bit convoluted (3 scripts and one C program...) but should work.
> >
> > The advantages over cronie are the following:
> > * it also does what anacron does
> > * it has more features
> > * instead of waking up every minutes to look at config files, like
> > cronie do, it uses inotify to watch the config. This should lead to
> > less awaking and certainly be interesting for power saving in some
> > situations
There are some disadvantages, too.
1) it does not support polyinstantiation - needed for MLS
2) It also does not send audit events based on denying a cron job.
3) Its pam settings do not support the audit system out of the box.
4) Its default pam settings need alignment with vixie-cron in general.
It would appear to not have had security reviews like vixie-cron has. In a few
minutes I found what appears to be a potentially serious security problem.
I've reported it upstream last week and no reply at all. I have not done a
full code review like I would for our cert efforts, so there may be more
problems waiting.
> Do you intend to package fcron for EPEL?
You have to be careful switching out core pieces of software that performs a
security sensitive role. The lack of attacks on most of Fedora is due to
years of review and feedback on code.
-Steve
More information about the fedora-devel-list
mailing list