
Bug 76194

Summary: ntp policy doesn't include openntpd properly
Product: Gentoo Linux
Reporter: Spider (RETIRED) <spider>
Component: Hardened
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Spider (RETIRED) gentoo-dev 2004-12-30 18:32:41 UTC
file_context for ntpd policy should include /usr/sbin/ntpd as well,  which is where openntpd installs itself rather than in /usr/bin 

Reproducible: Always
Comment 1 petre rodan (RETIRED) gentoo-dev 2004-12-31 03:29:20 UTC
fixed in selinux-ntp-20041120 (that is currently ~ masked)
Comment 2 Spider (RETIRED) gentoo-dev 2004-12-31 13:25:25 UTC
Just realized it needs these too:
/etc/ntpd\.conf                         system_u:object_r:ntp_etc_t


and for other settings:
allow ntpd_t ntpd_t:capability { sys_chroot };
        #EXE=/usr/sbin/ntpd   :  sys_chroot
allow ntpd_t random_device_t:chr_file { read };
        #EXE=/usr/sbin/ntpd  NAME=random   :  read



It also reports an error the -first- time it's launched about the PRNG not being initialized, but then works at a manual restart. Not sure what's going on there.
Comment 3 petre rodan (RETIRED) gentoo-dev 2004-12-31 14:20:29 UTC
random_device_t rule added to selinux-ntp-20050101. 
The others were covered by selinux-ntp-20041120.

Happy New Year everyone :)