From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 15 Apr 2018 23:47:24 +0200
Subject: [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd
	and ntpdate
In-Reply-To: <fe9d7f20-2ce4-268a-6ec4-cde36bf96926@ieee.org>
References: <1523723777.4835.1.camel@trentalancia.com>
	<fe9d7f20-2ce4-268a-6ec4-cde36bf96926@ieee.org>
Message-ID: <8BE8AB3D-53DE-4BDF-8D76-A00B1039E89E@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

That's fine to me, I was undecided...

Regards,

Guido

On the 15th of april 2018 23:24:19 CEST, Chris PeBenito <pebenito@ieee.org> wrote:
>On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
>> The ntp_run() interface is modified so that it also allows
>> to run ntpdate and not just ntpd.
>> 
>> The comment in the ntpdate is changed to reflect the fact
>> that ntpdate is a client and not a server.
>> 
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>>   policy/modules/contrib/ntp.if |    7 ++++---
>>   1 file changed, 4 insertions(+), 3 deletions(-)
>> 
>> diff -pru a/policy/modules/contrib/ntp.if
>b/policy/modules/contrib/ntp.if
>> --- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647
>+0200
>> +++ b/policy/modules/contrib/ntp.if	2018-04-14 18:14:18.537666188
>+0200
>> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>>   
>>   ########################################
>>   ## <summary>
>> -##	Execute ntp in the ntp domain, and
>> -##	allow the specified role the ntp domain.
>> +##	Execute ntp or ntpdate in the ntp domain,
>> +##	and allow the specified role the ntp domain.
>>   ## </summary>
>>   ## <param name="domain">
>>   ##	<summary>
>> @@ -76,12 +76,13 @@ interface(`ntp_run',`
>>   	')
>>   
>>   	ntp_domtrans($1)
>> +	ntp_domtrans_ntpdate($1)
>>   	roleattribute $2 ntpd_roles;
>>   ')
>>   
>
>This definitely needs to be in a separate interface, ntp_run_ntpdate().