From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 25 May 2017 20:58:13 -0400 Subject: [refpolicy] [PATCH] ntp: fix the drift file context and transition In-Reply-To: <1495740437.4595.0.camel@trentalancia.com> References: <1495740437.4595.0.camel@trentalancia.com> Message-ID: <469a3350-b055-3af2-2645-13e830ebf683@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/25/2017 03:27 PM, Guido Trentalancia via refpolicy wrote: > Fix the ntp module by adding a new file context for the default > location of the drift file (frequency of the local clock oscillator) > and by adding the appropriate file transition interface call. > > Otherwise, the drift file cannot be created and the following error > message is generated: > > frequency file /etc/ntp.drift.TEMP: Permission denied > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/ntp.fc | 1 + > policy/modules/contrib/ntp.te | 1 + > 2 files changed, 2 insertions(+) > > --- a/policy/modules/contrib/ntp.fc 2017-05-23 21:34:17.435592081 +0200 > +++ b/policy/modules/contrib/ntp.fc 2017-05-25 20:49:09.320348817 +0200 > @@ -3,6 +3,7 @@ > /etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0) > > /etc/ntp\.conf -- gen_context(system_u:object_r:ntp_conf_t,s0) > +/etc/ntp\.drift -- gen_context(system_u:object_r:ntp_drift_t,s0) > /etc/ntpd.*\.conf.* -- gen_context(system_u:object_r:ntp_conf_t,s0) > /etc/ntp/crypto(/.*)? gen_context(system_u:object_r:ntpd_key_t,s0) > /etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) > --- a/policy/modules/contrib/ntp.te 2017-05-23 21:34:17.435592081 +0200 > +++ b/policy/modules/contrib/ntp.te 2017-05-25 21:13:04.625964958 +0200 
> @@ -65,6 +65,7 @@ allow ntpd_t ntp_conf_t:file read_file_p > > manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) > manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) > +files_etc_filetrans(ntpd_t, ntp_drift_t, file) > files_var_filetrans(ntpd_t, ntp_drift_t, file) > > read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t) Merged. -- Chris PeBenito
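Review bot: In the ntp.fc hunk, the added entry /etc/ntp\.drift with the -- specifier matches only that exact path, while the error quoted in the commit message shows ntpd writing /etc/ntp.drift.TEMP first. The temporary file gets ntp_drift_t at creation through the type transition, but a relabel that finds a leftover .TEMP file would not match this entry and would be labelled by whatever broader /etc entry applies instead. Consider a second entry, or a pattern such as /etc/ntp\.drift.*, so the temporary name is covered as well.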
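Review bot: In the ntp.te hunk, files_etc_filetrans(ntpd_t, ntp_drift_t, file) carries no name argument, so every regular file ntpd_t creates in an etc_t directory is labelled ntp_drift_t, not only the drift file. If the interface's optional name parameter is available in this tree, restrict the transition to the names ntpd actually creates, "ntp.drift" and the "ntp.drift.TEMP" seen in the error message. A short comment saying why /etc needs a transition next to the existing files_var_filetrans line would also help later readers.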