commit: 194609ea0eabce3979dcfa3775c86aa86cce4d78
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Thu May 25 19:27:17 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Jun 5 17:16:18 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=194609ea
ntp: fix the drift file context and transition Fix the ntp module by adding a new file context for the default location of the drift file (frequency of the local clock oscillator) and by adding the appropriate file transition interface call. Otherwise, the drift file cannot be created and the following error message is generated: frequency file /etc/ntp.drift.TEMP: Permission denied Signed-off-by: Guido Trentalancia <guido at trentalancia.com> policy/modules/contrib/ntp.fc | 1 + policy/modules/contrib/ntp.te | 1 + 2 files changed, 2 insertions(+) diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index 9c8c35c9..38436f38 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -3,6 +3,7 @@ /etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0) /etc/ntp\.conf -- gen_context(system_u:object_r:ntp_conf_t,s0) +/etc/ntp\.drift -- gen_context(system_u:object_r:ntp_drift_t,s0) /etc/ntpd.*\.conf.* -- gen_context(system_u:object_r:ntp_conf_t,s0) /etc/ntp/crypto(/.*)? gen_context(system_u:object_r:ntpd_key_t,s0) /etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te index cbd5fd18..30071e2d 100644 --- a/policy/modules/contrib/ntp.te +++ b/policy/modules/contrib/ntp.te @@ -66,6 +66,7 @@ allow ntpd_t ntp_conf_t:file read_file_perms; manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) +files_etc_filetrans(ntpd_t, ntp_drift_t, file) files_var_filetrans(ntpd_t, ntp_drift_t, file) read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
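Review bot: the new ntp.fc entry `/etc/ntp\.drift --` matches only the final drift file, while the denial quoted in the commit message is for `/etc/ntp.drift.TEMP`. At creation time the added file transition labels the temporary file, but a relabel run while a `.TEMP` file exists would not match this entry and would reset it to the default context for /etc. Consider a second entry for the temporary name, or a pattern that covers both names, so the file contexts agree with what the transition produces.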
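Review bot: in the ntp.te hunk, `files_etc_filetrans(ntpd_t, ntp_drift_t, file)` carries no file name argument, so every regular file that ntpd_t creates directly in a directory labelled as generic /etc content is typed ntp_drift_t, not just the drift file. Since the surrounding lines give ntpd_t manage access to ntp_drift_t files, anything the daemon creates there also stays writable by it. If the interface in this tree accepts the optional name argument, restrict the transition to the two names involved ("ntp.drift" and "ntp.drift.TEMP"). Otherwise, add a comment above the line stating that the unnamed transition is intentional and why, as the adjacent `files_var_filetrans` line has the same form but applies to a less sensitive directory.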
