From: dac.override@gmail.com (Dominick Grift) Date: Sun, 18 Feb 2018 17:32:02 +0100 Subject: [refpolicy] Question: NTP allowed TCP access? In-Reply-To: References: Message-ID: <20180218163202.GA13293@julius.enp8s0.d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, Feb 18, 2018 at 11:14:20AM -0500, Chris PeBenito via refpolicy wrote: > On 02/16/2018 02:19 PM, David Sugar via refpolicy wrote: > > As I was getting my chronyd patches ready to submit I noticed I had some rules allowing tcp access. I initially copied these from ntp.te. I went back and removed them before submitting my chronyd patches but in ntp.te lines 113 and 114 and maybe lines 102 and 104 also should probably be removed. > > > > I'm happy to submit a patch to remove this access. > > I know that ntp should be only using udp. > > Does someone know why these might be important? > > A quick look through the log says it came in from Fedora. I'm not sure > otherwise. Let's remove it. I does not make sense. If it does, it will re-surface > > -- > Chris PeBenito > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 659 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20180218/a33358f6/attachment.bin