| 1 |
commit: db9a72463f10cbb7217d816dc4a2fe7ba584e888 |
| 2 |
Author: Dave Sugar <dsugar <AT> tresys <DOT> com> |
| 3 |
AuthorDate: Mon Mar 5 14:03:00 2018 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Mar 25 09:30:59 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=db9a7246 |
| 7 |
|
| 8 |
Chronyd talks ntp client packets to get time from server |
| 9 |
|
| 10 |
chronyd is an NTP client along with an NTP server. Change to allow chronyd to send/recv ntp client packets. |
| 11 |
|
| 12 |
Signed-off-by: Dave Sugar <dsugar <AT> tresys.com> |
| 13 |
|
| 14 |
policy/modules/contrib/chronyd.te | 1 + |
| 15 |
1 file changed, 1 insertion(+) |
| 16 |
|
| 17 |
diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te |
| 18 |
index 09d7f834..f28dd5e6 100644 |
| 19 |
--- a/policy/modules/contrib/chronyd.te |
| 20 |
+++ b/policy/modules/contrib/chronyd.te |
| 21 |
@@ -74,6 +74,7 @@ corenet_udp_sendrecv_generic_if(chronyd_t) |
| 22 |
corenet_udp_sendrecv_generic_node(chronyd_t) |
| 23 |
corenet_udp_bind_generic_node(chronyd_t) |
| 24 |
|
| 25 |
+corenet_sendrecv_ntp_client_packets(chronyd_t) |
| 26 |
corenet_sendrecv_ntp_server_packets(chronyd_t) |
| 27 |
corenet_udp_bind_ntp_port(chronyd_t) |
| 28 |
corenet_udp_sendrecv_ntp_port(chronyd_t) |
Archives