76194 – ntp policy doesn't include openntpd properly

Bug 76194 - ntp policy doesn't include openntpd properly

Summary: ntp policy doesn't include openntpd properly

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-30 18:32 UTC by Spider (RETIRED)
Modified:	2004-12-31 14:20 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Spider (RETIRED) gentoo-dev

2004-12-30 18:32:41 UTC

file_context for ntpd policy should include /usr/sbin/ntpd as well,  which is where openntpd installs itself rather than in /usr/bin 

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 petre rodan (RETIRED) gentoo-dev

2004-12-31 03:29:20 UTC

fixed in selinux-ntp-20041120 (that is currently ~ masked)

Comment 2 Spider (RETIRED) gentoo-dev

2004-12-31 13:25:25 UTC

Just realized it needs theese too :
/etc/ntpd\.conf                         system_u:object_r:ntp_etc_t


and for other settings:
allow ntpd_t ntpd_t:capability { sys_chroot };
        #EXE=/usr/sbin/ntpd   :  sys_chroot
allow ntpd_t random_device_t:chr_file { read };
        #EXE=/usr/sbin/ntpd  NAME=random   :  read



It also reports an error the -first- time its launched about the PRNG not being initialized, but then works at a manual restart. not sure whats going on there.

Comment 3 petre rodan (RETIRED) gentoo-dev

2004-12-31 14:20:29 UTC

random_device_t rule added to selinux-ntp-20050101. 
the others were covered by selinux-ntp-20041120

Happy New Year everyone :)