From: dsugar@tresys.com (David Sugar)
Date: Fri, 16 Feb 2018 19:19:34 +0000
Subject: [refpolicy] Question: NTP allowed TCP access?
Message-ID: <MWHPR15MB1853C06D0049D762EFEF3588B9CB0@MWHPR15MB1853.namprd15.prod.outlook.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

As I was getting my chronyd patches ready to submit I noticed I had some rules allowing tcp access.  I initially copied these from ntp.te.  I went back and removed them before submitting my chronyd patches but in ntp.te lines 113 and 114 and maybe lines 102 and 104 also should probably be removed.

I'm happy to submit a patch to remove this access. 
I know that ntp should be only using udp.  
Does someone know why these might be important?

Dave Sugar
dsugar at tresys.com