Attachment 389374 Details for Bug 529204 – ntp interface / socket patch

[patch] ntp interface / socket patch

ntp.patch (text/plain), 1.57 KB, created by Eric Gisse on 2014-11-15 11:58:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eric Gisse

Created: 2014-11-15 11:58:05 UTC

Size: 1.57 KB

patch

obsolete

>diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
>index e96a309..647e910 100644
>--- a/policy/modules/contrib/ntp.if
>+++ b/policy/modules/contrib/ntp.if
>@@ -119,6 +119,23 @@ interface(`ntp_read_drift_files',`
> 
> ########################################
> ## <summary>
>+##	Read ntp configuration files.
>+## </summary>
>+## <param name="domain">
>+##	<summary>
>+##	Domain allowed access.
>+##	</summary>
>+## </param>
>+#
>+interface(`ntp_read_conf_files',`
>+	gen_require(`
>+		type ntp_conf_t;
>+	')
>+	read_files_pattern($1, ntp_conf_t, ntp_conf_t)
>+')
>+
>+########################################
>+## <summary>
> ##	Read and write ntpd shared memory.
> ## </summary>
> ## <param name="domain">
>diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
>index d053ee2..546762b 100644
>--- a/policy/modules/system/sysnetwork.te
>+++ b/policy/modules/system/sysnetwork.te
>@@ -77,6 +77,7 @@ files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, { file dir })
> # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
> # in /etc created by dhcpcd will be labelled net_conf_t.
> sysnet_manage_config(dhcpc_t)
>+ntp_read_conf_files(dhcpc_t)
> files_etc_filetrans(dhcpc_t, net_conf_t, file)
> 
> # create temp files
>@@ -84,6 +85,9 @@ manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
> manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
> files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })
> 
>+# setup udev uevent sockets
>+allow dhcpc_t self:netlink_kobject_uevent_socket { create setopt };
>+
> can_exec(dhcpc_t, dhcpc_exec_t)
> 
> kernel_read_system_state(dhcpc_t)

Actions: View | Diff

Attachments on bug 529204: 389374