From: jason@perfinion.com (Jason Zaman) Date: Mon, 23 Jun 2014 22:41:01 +0400 Subject: [refpolicy] [PATCH v2] Add filetrans for ntp-kod file Message-ID: <1403548861-26249-1-git-send-email-jason@perfinion.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com sntp has a file used to persist the history of KoD responses received from servers. The default is /var/db/ntp-kod. This patch adds the fcontext and a filetrans so it can be created. Changes from v1: * use files_var_filetrans instead of filetrans_pattern Signed-off-by: Jason Zaman --- ntp.fc | 1 + ntp.te | 1 + 2 files changed, 2 insertions(+) diff --git a/ntp.fc b/ntp.fc index 147e480..89b9cb1 100644 --- a/ntp.fc +++ b/ntp.fc @@ -17,6 +17,7 @@ /var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) /var/lib/sntp-kod(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) +/var/db/ntp-kod -- gen_context(system_u:object_r:ntp_drift_t,s0) /var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0) diff --git a/ntp.te b/ntp.te index c37385e..37d974a 100644 --- a/ntp.te +++ b/ntp.te @@ -53,6 +53,7 @@ allow ntpd_t self:tcp_socket { accept listen }; manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) +files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod") allow ntpd_t ntp_conf_t:file read_file_perms; -- 1.8.5.5
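Review bot: In the ntp.fc hunk, the new /var/db/ntp-kod entry is added after the two /var/lib entries, which breaks the path ordering the surrounding lines follow (/var/lib, then /var/log). Consider moving it above /var/lib/ntp(/.*)? so the /var/db entry sorts first. The `--` file-type specifier is consistent with the "file" class used in the matching filetrans in ntp.te, so those two agree.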
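Review bot: In the ntp.te hunk, the added files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod") line only takes effect when the parent directory is labeled var_t, and the file lives in /var/db rather than directly in /var, so it is worth confirming (and stating in the commit message) that /var/db carries var_t on the targeted systems. The transition is also keyed on the literal name "ntp-kod", while the commit message calls /var/db/ntp-kod the default; a non-default location gets neither the fcontext nor the transition, and a short comment above the line saying so would help. Since manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) is already in the context lines, no further allow rule appears to be needed for the created file itself.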