From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 15 Apr 2018 17:24:19 -0400
Subject: [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd
 and ntpdate
In-Reply-To: <1523723777.4835.1.camel@trentalancia.com>
References: <1523723777.4835.1.camel@trentalancia.com>
Message-ID: <fe9d7f20-2ce4-268a-6ec4-cde36bf96926@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
> The ntp_run() interface is modified so that it also allows
> to run ntpdate and not just ntpd.
> 
> The comment in the ntpdate is changed to reflect the fact
> that ntpdate is a client and not a server.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/contrib/ntp.if |    7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
> --- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647 +0200
> +++ b/policy/modules/contrib/ntp.if	2018-04-14 18:14:18.537666188 +0200
> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>   
>   ########################################
>   ## <summary>
> -##	Execute ntp in the ntp domain, and
> -##	allow the specified role the ntp domain.
> +##	Execute ntp or ntpdate in the ntp domain,
> +##	and allow the specified role the ntp domain.
>   ## </summary>
>   ## <param name="domain">
>   ##	<summary>
> @@ -76,12 +76,13 @@ interface(`ntp_run',`
>   	')
>   
>   	ntp_domtrans($1)
> +	ntp_domtrans_ntpdate($1)
>   	roleattribute $2 ntpd_roles;
>   ')
>   

This definitely needs to be in a separate interface, ntp_run_ntpdate().


-- 
Chris PeBenito