http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
Added support for ntpd_key_t for defining crypto information. Prevent
other domains from reading.
ntp needs getcap
Uses shm for talking to certain time devices.
Add gpsd support
Talks to ptmx also for time devices
On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
>
> Added support for ntpd_key_t for defining crypto information. Prevent
> other domains from reading.
>
> ntp needs getcap
> Uses shm for talking to certain time devices.
>
> Add gpsd support
>
> Talks to ptmx also for time devices
One thing that is weird is this:
+# Necessary to communicate with gpsd devices
+fs_rw_tmpfs_files(ntpd_t)
it sounds like there is a missing filetrans here.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
>>
>> Added support for ntpd_key_t for defining crypto information. Prevent
>> other domains from reading.
>>
>> ntp needs getcap
>> Uses shm for talking to certain time devices.
>>
>> Add gpsd support
>>
>> Talks to ptmx also for time devices
>
> One thing that is weird is this:
>
> +# Necessary to communicate with gpsd devices
> +fs_rw_tmpfs_files(ntpd_t)
>
> it sounds like there is a missing filetrans here.
>
We can try this, but I am not sure if the gpsd device created the file
for communication in the tmpfs first.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjJORkACgkQrlYvE4MpobP3qACgl03CsnZszhrbw1btj3dpnmBj
wSEAoOZ7PgaxWA9r2j7FH6pDqMlKGTUK
=/dSp
-----END PGP SIGNATURE-----