Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Wed, 25 Jun 2014 19:07:16
Message-Id: 1403723086.a62050c31b26767018a3c7585b2905d9b7a40b0f.swift@gentoo
1 commit: a62050c31b26767018a3c7585b2905d9b7a40b0f
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Mon Jun 23 18:41:01 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Wed Jun 25 19:04:46 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a62050c3
7
8 Add filetrans for ntp-kod file
9
10 sntp has a file used to persist the history of KoD responses
11 received from servers. The default is /var/db/ntp-kod.
12
13 This patch adds the fcontext and a filetrans so it can be created.
14
15 Changes from v1:
16 * use files_var_filetrans instead of filetrans_pattern
17
18 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
19
20 ---
21 policy/modules/contrib/ntp.fc | 1 +
22 policy/modules/contrib/ntp.te | 1 +
23 2 files changed, 2 insertions(+)
24
25 diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
26 index 147e480..89b9cb1 100644
27 --- a/policy/modules/contrib/ntp.fc
28 +++ b/policy/modules/contrib/ntp.fc
29 @@ -17,6 +17,7 @@
30
31 /var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
32 /var/lib/sntp-kod(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
33 +/var/db/ntp-kod -- gen_context(system_u:object_r:ntp_drift_t,s0)
34
35 /var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
36 /var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0)
37
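Review bot: the added ntp.fc entry hard-codes the default path /var/db/ntp-kod with the `--` specifier, so it labels only a regular file at exactly that location. The commit message calls this path "the default", which implies it can be overridden; a KoD file kept anywhere else will not receive ntp_drift_t from this entry. Consider a short comment above the line stating that it covers the sntp default only, so administrators know to add a local fcontext when they change the path.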
38 diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te
39 index c37385e..37d974a 100644
40 --- a/policy/modules/contrib/ntp.te
41 +++ b/policy/modules/contrib/ntp.te
42 @@ -53,6 +53,7 @@ allow ntpd_t self:tcp_socket { accept listen };
43
44 manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
45 manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
46 +files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod")
47
48 allow ntpd_t ntp_conf_t:file read_file_perms;
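Review bot: the added files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod") line only takes effect when the file is created in a directory labelled var_t, so it depends on /var/db carrying that type, which nothing in this patch shows. If /var/db is labelled differently, the new file inherits the directory's type and the manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) rule above will not cover it; confirm the label or state the assumption in the commit message. The transition is also tied to the literal name "ntp-kod" and to the ntpd_t domain, so it lines up with the ntp.fc entry only for the default file name and only if sntp runs in ntpd_t.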