commit: 2ae8da90372a0fcae7a02d81a600bb6b51119a95
Author: Dave Sugar <dsugar <AT> owlcyberdefense <DOT> com>
AuthorDate: Fri Sep 19 18:08:24 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 16 00:13:57 2025 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=2ae8da90
fix: when using timedatectl to set system time
Using timedatectl to set system time, seeing this denial
node=localhost type=USER_AVC msg=audit(1758319110.911:214791): pid=1156 uid=81
auid+4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0
msg='avc: denied { send_msg } for scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:policykit_t:s0 tclass=dbus permissive=1
exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'UID="dbus"
AUID="unset" SAUID="dbus"
Signed-off-by: Dave Sugar <dsugar100 <AT> gmail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/ntp.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index 5a75f3fce..8261dedfe 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -180,6 +180,10 @@ ifdef(`init_systemd',`
chronyd_startstop(ntpd_t)
')
+ optional_policy(`
+ policykit_dbus_chat(ntpd_t)
+ ')
+
optional_policy(`
unconfined_dbus_send(ntpd_t)
')
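Review bot: The added optional_policy block calling policykit_dbus_chat(ntpd_t) has no comment saying why ntpd_t needs to reach policykit, and the denial quoted in the commit message covers only one direction: send_msg from ntpd_t to policykit_t on class dbus. A dbus_chat interface normally allows messages both ways, so please confirm that the reply direction from policykit_t to ntpd_t is actually needed. A one-line comment above the call would help, for example "# timedatectl setting the system time: ntpd_t talks to policykit over D-Bus". The AVC was recorded with permissive=1, so it is also worth stating whether any further denials show up in the same operation once this rule is in place and the domain is enforcing.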