From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 18 Feb 2018 11:14:20 -0500
Subject: [refpolicy] Question: NTP allowed TCP access?
In-Reply-To: <MWHPR15MB1853C06D0049D762EFEF3588B9CB0@MWHPR15MB1853.namprd15.prod.outlook.com>
References: <MWHPR15MB1853C06D0049D762EFEF3588B9CB0@MWHPR15MB1853.namprd15.prod.outlook.com>
Message-ID: <ab5ed3f8-4359-af53-7663-98aac6da7bad@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/16/2018 02:19 PM, David Sugar via refpolicy wrote:
> As I was getting my chronyd patches ready to submit I noticed I had some rules allowing tcp access.  I initially copied these from ntp.te.  I went back and removed them before submitting my chronyd patches but in ntp.te lines 113 and 114 and maybe lines 102 and 104 also should probably be removed.
> 
> I'm happy to submit a patch to remove this access.
> I know that ntp should be only using udp.
> Does someone know why these might be important?

A quick look through the log says it came in from Fedora.  I'm not sure 
otherwise.

-- 
Chris PeBenito