Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 05 Jun 2017 17:25:32
Message-Id: 1496682978.194609ea0eabce3979dcfa3775c86aa86cce4d78.perfinion@gentoo
1 commit: 194609ea0eabce3979dcfa3775c86aa86cce4d78
2 Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
3 AuthorDate: Thu May 25 19:27:17 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 5 17:16:18 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=194609ea
7
8 ntp: fix the drift file context and transition
9
10 Fix the ntp module by adding a new file context for the default
11 location of the drift file (frequency of the local clock oscillator)
12 and by adding the appropriate file transition interface call.
13
14 Otherwise, the drift file cannot be created and the following error
15 message is generated:
16
17 frequency file /etc/ntp.drift.TEMP: Permission denied
18
19 Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
20
21 policy/modules/contrib/ntp.fc | 1 +
22 policy/modules/contrib/ntp.te | 1 +
23 2 files changed, 2 insertions(+)
24
25 diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
26 index 9c8c35c9..38436f38 100644
27 --- a/policy/modules/contrib/ntp.fc
28 +++ b/policy/modules/contrib/ntp.fc
29 @@ -3,6 +3,7 @@
30 /etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0)
31
32 /etc/ntp\.conf -- gen_context(system_u:object_r:ntp_conf_t,s0)
33 +/etc/ntp\.drift -- gen_context(system_u:object_r:ntp_drift_t,s0)
34 /etc/ntpd.*\.conf.* -- gen_context(system_u:object_r:ntp_conf_t,s0)
35 /etc/ntp/crypto(/.*)? gen_context(system_u:object_r:ntpd_key_t,s0)
36 /etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
37
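Review bot: The added `/etc/ntp\.drift` entry in ntp.fc matches only that exact path as a regular file (`--`), while the error quoted in the commit message is for `/etc/ntp.drift.TEMP`. The temporary file therefore gets `ntp_drift_t` only at creation time, through the type transition added in ntp.te; a stale `.TEMP` file left behind and later relabelled would not match this entry. Consider widening the pattern (for example `/etc/ntp\.drift.*`) or stating in the commit message that the temporary name is intentionally left uncovered.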
38 diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te
39 index cbd5fd18..30071e2d 100644
40 --- a/policy/modules/contrib/ntp.te
41 +++ b/policy/modules/contrib/ntp.te
42 @@ -66,6 +66,7 @@ allow ntpd_t ntp_conf_t:file read_file_perms;
43
44 manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
45 manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
46 +files_etc_filetrans(ntpd_t, ntp_drift_t, file)
47 files_var_filetrans(ntpd_t, ntp_drift_t, file)
48
49 read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
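Review bot: The added `files_etc_filetrans(ntpd_t, ntp_drift_t, file)` carries no file name, so every regular file that ntpd_t creates in an etc_t directory is labelled ntp_drift_t, not only the drift file. If the policy version in use supports named transitions, consider passing the name as a fourth argument; the error in the commit message shows ntpd creating `ntp.drift.TEMP`, so that name would need to be covered. A short comment above the line saying the rule exists for the default /etc/ntp.drift location would also help later readers, since the neighbouring `files_var_filetrans` line is equally uncommented.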