Control: reassign -1 src:refpolicy 2:2.20140206-1 On Lu, 03 mar 14, 15:02:29, Zack Weinberg wrote: > Source: selinux-policy-default > Version: 2:2.20140206-1 > Severity: normal > > The init script for ntpd in Debian is named /etc/init.d/ntp. The fcontext > module for ntpd (modules/contrib/ntp.fc) expects it to be named > /etc/(rc.d/)init.d/ntpd instead (that is, with a trailing 'd'). As a result > ntpd runs under the wrong label and generates lots of spurious AVC messages. > > I think the cure is as simple as adding > > /etc/rc\.d/init\.d/ntp -- > gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) > > right after the existing > > /etc/rc\.d/init\.d/ntpd -- > gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) > > in ntp.fc. (Or you could change "ntpd" to "ntpd?" on the existing line, > making that regex match both possible names, but that might not be > understood as easily.) > > zw > > -- System Information: > Debian Release: jessie/sid > APT prefers unstable > APT policy: (501, 'unstable'), (500, 'testing'), (101, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores) > Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash
-- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt
signature.asc
Description: Digital signature
