Attachment #389374 for bug #529204

View | Details | Raw Unified | Return to bug 529204
Collapse All | Expand All





########################################
## <summary>
##	Read ntp configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ntp_read_conf_files',`
	gen_require(`
		type ntp_conf_t;
	')
	read_files_pattern($1, ntp_conf_t, ntp_conf_t)
')

########################################
## <summary>
##	Read and write ntpd shared memory.
## </summary>
## <param name="domain">

Lines 77-82 files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir }) Link Here

(-)a/policy/modules/system/sysnetwork.te (+4 lines)
77	# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files	77	# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
78	# in /etc created by dhcpcd will be labelled net_conf_t.	78	# in /etc created by dhcpcd will be labelled net_conf_t.
79	sysnet_manage_config(dhcpc_t)	79	sysnet_manage_config(dhcpc_t)
		80	ntp_read_conf_files(dhcpc_t)
80	files_etc_filetrans(dhcpc_t, net_conf_t, file)	81	files_etc_filetrans(dhcpc_t, net_conf_t, file)
81		82
82	# create temp files	83	# create temp files
Lines 84-89 manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t) Link Here
84	manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)	85	manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
85	files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })	86	files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })
86		87
		88	# setup udev uevent sockets
		89	allow dhcpc_t self:netlink_kobject_uevent_socket { create setopt };
		90
87	can_exec(dhcpc_t, dhcpc_exec_t)	91	can_exec(dhcpc_t, dhcpc_exec_t)
88		92
89	kernel_read_system_state(dhcpc_t)	93	kernel_read_system_state(dhcpc_t)

Return to bug 529204

Lines 119-124 interface(`ntp_read_drift_files',` Link Here

(-)a/policy/modules/contrib/ntp.if (+17 lines)
119		119
120	########################################	120	########################################
121	## <summary>	121	## <summary>
		122	## Read ntp configuration files.
		123	## </summary>
		124	## <param name="domain">
		125	## <summary>
		126	## Domain allowed access.
		127	## </summary>
		128	## </param>
		129	#
		130	interface(`ntp_read_conf_files',`
		131	gen_require(`
		132	type ntp_conf_t;
		133	')
		134	read_files_pattern($1, ntp_conf_t, ntp_conf_t)
		135	')
		136
		137	########################################
		138	## <summary>
122	## Read and write ntpd shared memory.	139	## Read and write ntpd shared memory.
123	## </summary>	140	## </summary>
124	## <param name="domain">	141	## <param name="domain">