From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 18 Feb 2018 11:14:20 -0500 Subject: [refpolicy] Question: NTP allowed TCP access? In-Reply-To: References: Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/16/2018 02:19 PM, David Sugar via refpolicy wrote: > As I was getting my chronyd patches ready to submit I noticed I had some rules allowing tcp access. I initially copied these from ntp.te. I went back and removed them before submitting my chronyd patches but in ntp.te lines 113 and 114 and maybe lines 102 and 104 also should probably be removed. > > I'm happy to submit a patch to remove this access. > I know that ntp should be only using udp. > Does someone know why these might be important? A quick look through the log says it came in from Fedora. I'm not sure otherwise. -- Chris PeBenito