From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 11 Sep 2008 10:53:44 -0400
Subject: [refpolicy] Updated ntp policy
In-Reply-To: <48B2D542.2050203@redhat.com>
References: <48B2D542.2050203@redhat.com>
Message-ID: <1221144824.24369.30.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
> 
> Added support for ntpd_key_t for defining crypto information.  Prevent
> other domains from reading.
> 
> ntp needs getcap
> Uses shm for talking to certain time devices.
> 
> Add gpsd support
> 
> Talks to ptmx also for time devices

One thing that is weird is this:

+# Necessary to communicate with gpsd devices
+fs_rw_tmpfs_files(ntpd_t)

it sounds like there is a missing filetrans here.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150