[refpolicy] [PATCH] ntp: fix the drift file context and transition

Chris PeBenito pebenito at ieee.org
Fri May 26 00:58:13 UTC 2017


On 05/25/2017 03:27 PM, Guido Trentalancia via refpolicy wrote:
> Fix the ntp module by adding a new file context for the default
> location of the drift file (frequency of the local clock oscillator)
> and by adding the appropriate file transition interface call.
>
> Otherwise, the drift file cannot be created and the following error
> message is generated:
>
> frequency file /etc/ntp.drift.TEMP: Permission denied
>
> Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
> ---
>  policy/modules/contrib/ntp.fc |    1 +
>  policy/modules/contrib/ntp.te |    1 +
>  2 files changed, 2 insertions(+)
>
> --- a/policy/modules/contrib/ntp.fc	2017-05-23 21:34:17.435592081 +0200
> +++ b/policy/modules/contrib/ntp.fc	2017-05-25 20:49:09.320348817 +0200
> @@ -3,6 +3,7 @@
>  /etc/cron\.(daily|weekly)/ntp-server	--	gen_context(system_u:object_r:ntpd_exec_t,s0)
>
>  /etc/ntp\.conf				--	gen_context(system_u:object_r:ntp_conf_t,s0)
> +/etc/ntp\.drift				--	gen_context(system_u:object_r:ntp_drift_t,s0)
>  /etc/ntpd.*\.conf.*			--	gen_context(system_u:object_r:ntp_conf_t,s0)
>  /etc/ntp/crypto(/.*)?				gen_context(system_u:object_r:ntpd_key_t,s0)
>  /etc/ntp/data(/.*)?				gen_context(system_u:object_r:ntp_drift_t,s0)
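
Review bot: the added `/etc/ntp\.drift` entry matches only the final file name, while the denial quoted in the commit message is for `/etc/ntp.drift.TEMP`. That temporary file would get ntp_drift_t only through the type transition at creation time, and no entry in this hunk matches it if /etc is relabelled later. If a leftover .TEMP file should keep its label across a relabel, consider widening the pattern, for example `/etc/ntp\.drift.*`, in the same way as the `/etc/ntpd.*\.conf.*` entry just below it.
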
> --- a/policy/modules/contrib/ntp.te	2017-05-23 21:34:17.435592081 +0200
> +++ b/policy/modules/contrib/ntp.te	2017-05-25 21:13:04.625964958 +0200
> @@ -65,6 +65,7 @@ allow ntpd_t ntp_conf_t:file read_file_p
>
>  manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
>  manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
> +files_etc_filetrans(ntpd_t, ntp_drift_t, file)
>  files_var_filetrans(ntpd_t, ntp_drift_t, file)
>
>  read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
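
Review bot: the added `files_etc_filetrans(ntpd_t, ntp_drift_t, file)` carries no file name, so every regular file ntpd_t creates in an etc_t directory is labelled ntp_drift_t, not only the drift file. Consider limiting it with the interface's optional name argument, e.g. `files_etc_filetrans(ntpd_t, ntp_drift_t, file, "ntp.drift")`, plus a second call for "ntp.drift.TEMP", the name shown in the error message. The `files_var_filetrans` line below it is equally unnamed, so the addition matches local style, but an unnamed transition on /etc is broader than the fix described in the commit message requires.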

Merged.

-- 
Chris PeBenito

