diff -up cronie-1.4.3/src/security.c.old cronie-1.4.3/src/security.c

--- cronie-1.4.3/src/security.c.old	2009-09-25 08:23:18.000000000 +0200

+++ cronie-1.4.3/src/security.c	2009-11-05 16:43:13.000000000 +0100

@@ -486,9 +486,37 @@ void free_security_context(security_cont

 int crontab_security_access(void) {

 #ifdef WITH_SELINUX

-	if (is_selinux_enabled() > 0)

-		if (selinux_check_passwd_access(PASSWD__CRONTAB) != 0)

-			return -1;

+	int selinux_check_passwd_access = -1;

+	if (is_selinux_enabled() > 0) {

+		security_context_t user_context;

+		if (getprevcon_raw(&user_context) == 0) {

+			security_class_t passwd_class;

+			struct av_decision avd;

+			int retval;

+

+			passwd_class = string_to_security_class("passwd");

+			if (passwd_class == 0) {

+				selinux_check_passwd_access = -1;

+				fprintf(stderr, "Security class \"passwd\" is not defined in the SELinux policy.\n");

+			}

+

+			retval = security_compute_av_raw(user_context,

+							user_context,

+							passwd_class,

+							PASSWD__CRONTAB,

+							&avd);

+

+			if ((retval == 0) && ((PASSWD__CRONTAB & avd.allowed) == PASSWD__CRONTAB)) {

+				selinux_check_passwd_access = 0;

+			}

+			freecon(user_context);

+		}

+

+		if (selinux_check_passwd_access != 0 && security_getenforce() == 0)

+			selinux_check_passwd_access = 0;

+

+		return selinux_check_passwd_access;

+	}

 #endif

 	return 0;

 }