From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 11 Sep 2008 11:28:25 -0400
Subject: [refpolicy] Updated ntp policy
In-Reply-To: <1221144824.24369.30.camel@gorn.columbia.tresys.com>
References: <48B2D542.2050203@redhat.com>
	<1221144824.24369.30.camel@gorn.columbia.tresys.com>
Message-ID: <48C93919.40303@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher J. PeBenito wrote:
> On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
>>
>> Added support for ntpd_key_t for defining crypto information.  Prevent
>> other domains from reading.
>>
>> ntp needs getcap
>> Uses shm for talking to certain time devices.
>>
>> Add gpsd support
>>
>> Talks to ptmx also for time devices
> 
> One thing that is weird is this:
> 
> +# Necessary to communicate with gpsd devices
> +fs_rw_tmpfs_files(ntpd_t)
> 
> it sounds like there is a missing filetrans here.
> 
We can try this, but I am not sure if the gpsd device created the file
for communication in the tmpfs first.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjJORkACgkQrlYvE4MpobP3qACgl03CsnZszhrbw1btj3dpnmBj
wSEAoOZ7PgaxWA9r2j7FH6pDqMlKGTUK
=/dSp
-----END PGP SIGNATURE-----