2018-02-24 14:37:47

by Sugar, David

Subject: [refpolicy] [PATCH 0/5-v3] Updates for chronyd


This patch set is several changes to the chronyd module to achieve the following things:

1) Separate type for /etc/chrony.conf along with interfaces.
   v2 - fix a comment in the patch
2) Interfaces to start/stop/status/etc. the chronyd service
   v2 - fix a comment in the patch
3) Allow chronyd to send/recv ntp client packets
4) New type for chronyc - it is run from chrony-wait.service but it was running in init_t domain
   v2 - incorporate feedback on interface names & fix denial related to chowning /var/run/chrony
5) Add interface to domtrans into chronyc domain
   v2 - incorporate feedback on interface names & allow cli access to tty

I have updated based on feedback. I'm re-submitting the whole set. I hope this is easiest for Chris when merging. Only 3/5 has NOT changed.

v3 - don't submit as HTML emails - I'm not sure why that happened.

 chronyd.fc |   2 +
 chronyd.if | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 chronyd.te |  60 ++++++++++++++++++++++-
?3 files changed, 221 insertions(+), 2 deletions(-)

--
2.14.3


2018-02-27 22:24:13

by Chris PeBenito

Subject: [refpolicy] [PATCH 0/5-v3] Updates for chronyd

On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
>
> This patch set is several changes to the chronyd module to achieve the following things:
>
> 1) Separate type for /etc/chrony.conf along with interfaces.
>    v2 - fix a comment in the patch
> 2) Interfaces to start/stop/status/etc. the chronyd service
>    v2 - fix a comment in the patch
> 3) Allow chronyd to send/recv ntp client packets
> 4) New type for chronyc - it is run from chrony-wait.service but it was running in init_t domain
>    v2 - incorporate feedback on interface names & fix denial related to chowning /var/run/chrony
> 5) Add interface to domtrans into chronyc domain
>    v2 - incorporate feedback on interface names & allow cli access to tty
>
> I have updated based on feedback. I'm re-submitting the whole set. I hope this is easiest for Chris when merging. Only 3/5 has NOT changed.
>
> v3 - don't submit as HTML emails - I'm not sure why that happened.
>
>  chronyd.fc |   2 +
>  chronyd.if | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  chronyd.te |  60 ++++++++++++++++++++++-
> ?3 files changed, 221 insertions(+), 2 deletions(-)

These still don't apply with git am. There are conflicts and fuzz.


--
Chris PeBenito

2018-02-28 00:25:52

by Sugar, David

Subject: [refpolicy] [PATCH 0/5-v3] Updates for chronyd



> -----Original Message-----
> From: Chris PeBenito [mailto:pebenito at ieee.org]
> Sent: Tuesday, February 27, 2018 5:24 PM
> To: David Sugar; refpolicy at oss.tresys.com
> Subject: Re: [refpolicy] [PATCH 0/5-v3] Updates for chronyd
>
> On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
> >
> > This patch set is several changes to the chronyd module to achieve the
> following things:
> >
> > 1) Separate type for /etc/chrony.conf along with interfaces.
> >    v2 - fix a comment in the patch
> > 2) Interfaces to start/stop/status/etc. the chronyd service
> >    v2 - fix a comment in the patch
> > 3) Allow chronyd to send/recv ntp client packets
> > 4) New type for chronyc - it is run from chrony-wait.service but it
> was running in init_t domain
> >    v2 - incorporate feedback on interface names & fix denial related
> to chowning /var/run/chrony
> > 5) Add interface to domtrans into chronyc domain
> >    v2 - incorporate feedback on interface names & allow cli access
> to tty
> >
> > I have updated based on feedback. I'm re-submitting the whole set. I
> hope this is easiest for Chris when merging. Only 3/5 has NOT changed.
> >
> > v3 - don't submit as HTML emails - I'm not sure why that happened.
> >
> >  chronyd.fc |   2 +
> >  chronyd.if | 161
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  chronyd.te |  60 ++++++++++++++++++++++-
> > ?3 files changed, 221 insertions(+), 2 deletions(-)
>
> These still don't apply with git am. There are conflicts and fuzz.
>

I'm not sure what is wrong. I just rebased to the latest refpolicy-contrib and remade the patches. They are exactly the same as what I sent in v3 (there have not been any other changes in chronyd policy for a while). Except that tabs were replaced with spaces in the email. Could that be causing diff to complain? I can try creating them again and just make sure that tabs get into the email that I send and hope the mail server somewhere isn't causing problems.

Dave Sugar
dsugar at tresys.com

>
> --
> Chris PeBenito

2018-03-02 18:38:53

by Chris PeBenito

Subject: [refpolicy] [PATCH 0/5-v3] Updates for chronyd

On 02/27/2018 07:25 PM, David Sugar via refpolicy wrote:
>
>
>> -----Original Message-----
>> From: Chris PeBenito [mailto:pebenito at ieee.org]
>> Sent: Tuesday, February 27, 2018 5:24 PM
>> To: David Sugar; refpolicy at oss.tresys.com
>> Subject: Re: [refpolicy] [PATCH 0/5-v3] Updates for chronyd
>>
>> On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
>>>
>>> This patch set is several changes to the chronyd module to achieve the
>> following things:
>>>
>>> 1) Separate type for /etc/chrony.conf along with interfaces.
>>>    v2 - fix a comment in the patch
>>> 2) Interfaces to start/stop/status/etc. the chronyd service
>>>    v2 - fix a comment in the patch
>>> 3) Allow chronyd to send/recv ntp client packets
>>> 4) New type for chronyc - it is run from chrony-wait.service but it
>> was running in init_t domain
>>>    v2 - incorporate feedback on interface names & fix denial related
>> to chowning /var/run/chrony
>>> 5) Add interface to domtrans into chronyc domain
>>>    v2 - incorporate feedback on interface names & allow cli access
>> to tty
>>>
>>> I have updated based on feedback. I'm re-submitting the whole set. I
>> hope this is easiest for Chris when merging. Only 3/5 has NOT changed.
>>>
>>> v3 - don't submit as HTML emails - I'm not sure why that happened.
>>>
>>>  chronyd.fc |   2 +
>>>  chronyd.if | 161
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>  chronyd.te |  60 ++++++++++++++++++++++-
>>> ?3 files changed, 221 insertions(+), 2 deletions(-)
>>
>> These still don't apply with git am. There are conflicts and fuzz.
>>
>
> I'm not sure what is wrong. I just rebased to the latest refpolicy-contrib and remade the patches. They are exactly the same as what I sent in v3 (there have not been any other changes in chronyd policy for a while). Except that tabs were replaced with spaces in the email. Could that be causing diff to complain? I can try creating them again and just make sure that tabs get into the email that I send and hope the mail server somewhere isn't causing problems.

If you want to put it as a pull request on GitHub, that's fine.

--
Chris PeBenito