From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 15 Apr 2018 17:24:19 -0400 Subject: [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate In-Reply-To: <1523723777.4835.1.camel@trentalancia.com> References: <1523723777.4835.1.camel@trentalancia.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote: > The ntp_run() interface is modified so that it also allows > to run ntpdate and not just ntpd. > > The comment in the ntpdate is changed to reflect the fact > that ntpdate is a client and not a server. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/ntp.if | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if > --- a/policy/modules/contrib/ntp.if 2017-09-29 19:01:55.171455647 +0200 > +++ b/policy/modules/contrib/ntp.if 2018-04-14 18:14:18.537666188 +0200 > @@ -55,8 +55,8 @@ interface(`ntp_domtrans',` > > ######################################## > ## > -## Execute ntp in the ntp domain, and > -## allow the specified role the ntp domain. > +## Execute ntp or ntpdate in the ntp domain, > +## and allow the specified role the ntp domain. > ## > ## > ## > @@ -76,12 +76,13 @@ interface(`ntp_run',` > ') > > ntp_domtrans($1) > + ntp_domtrans_ntpdate($1) > roleattribute $2 ntpd_roles; > ') > This definitely needs to be in a separate interface, ntp_run_ntpdate(). -- Chris PeBenito