From: dsugar@tresys.com (David Sugar) Date: Tue, 20 Feb 2018 13:32:41 +0000 Subject: [refpolicy] [PATCH 0/5-v2] Updates for chronyd Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This patch set is several changes to the chronyd module to achieve the following things: 1) Separate type for /etc/chrony.conf along with interfaces. v2 - fix a comment in the patch 2) Interfaces to start/stop/status/etc.. the chronyd service v2 - fix a comment in the patch 3) Allow chronyd to send/recv ntp client packets 4) New type for chronyc - it is run from chrony-wait.service but it was running in init_t domain v2 - incorporate feedback on interface names & fix denial related to chowning /var/run/chrony 5) Add interface to domtrans into chronyc domain v2 - incorporate feedback on interface names & allow cli access to tty I have updated based on feedback. I'm re-submitting the whole set. I hope this is easiest for Chris when merging. Only 3/5 has NOT changed. chronyd.fc | 2 + chronyd.if | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ chronyd.te | 60 ++++++++++++++++++++++- 3 files changed, 221 insertions(+), 2 deletions(-) -- 2.14.3 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20180220/36a87051/attachment.html