From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1403723086.a62050c31b26767018a3c7585b2905d9b7a40b0f.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/ntp.fc policy/modules/contrib/ntp.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: a62050c31b26767018a3c7585b2905d9b7a40b0f
X-VCS-Branch: master
Date: Wed, 25 Jun 2014 19:06:47 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org

commit: a62050c31b26767018a3c7585b2905d9b7a40b0f
Author: Jason Zaman perfinion com>
AuthorDate: Mon Jun 23 18:41:01 2014 +0000
Commit: Sven Vermeulen gentoo org>
CommitDate: Wed Jun 25 19:04:46 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a62050c3

Add filetrans for ntp-kod file

sntp has a file used to persist the history of KoD responses received from servers. The default is /var/db/ntp-kod. This patch adds the fcontext and a filetrans so it can be created.

Changes from v1:
* use files_var_filetrans instead of filetrans_pattern

Signed-off-by: Jason Zaman perfinion.com>

--- policy/modules/contrib/ntp.fc | 1 + policy/modules/contrib/ntp.te | 1 + 2 files changed, 2 insertions(+) diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index 147e480..89b9cb1 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc 
@@ -17,6 +17,7 @@ /var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) /var/lib/sntp-kod(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) +/var/db/ntp-kod -- gen_context(system_u:object_r:ntp_drift_t,s0) /var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0) diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te index c37385e..37d974a 100644 --- a/policy/modules/contrib/ntp.te +++ b/policy/modules/contrib/ntp.te @@ -53,6 +53,7 @@ allow ntpd_t self:tcp_socket { accept listen }; manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t) +files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod") allow ntpd_t ntp_conf_t:file read_file_perms;
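Review bot: in the ntp.fc hunk, the new `/var/db/ntp-kod` entry labels the KoD history with `ntp_drift_t`, the same type as the drift data, and nothing in the file says why. Every domain that is allowed to manage `ntp_drift_t` can therefore also rewrite the persisted KoD responses. That matches the existing `/var/lib/sntp-kod(/.*)?` line, so the reuse looks deliberate, but a one-line comment above the two KoD entries stating that they hold sntp's KoD history and intentionally share the drift type would help the next reader. Note also that the entry is an exact match on the default path only, so a KoD file configured elsewhere gets no label from this line.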
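Review bot: in the ntp.te hunk, `files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod")` only fires when the parent directory is labeled `var_t`, and the patch does not show what label `/var/db` carries. If that directory has a different type on the target systems, the file is created with the parent's type and the rule never applies until a relabel picks up the new fcontext. Please confirm the label of `/var/db` and mention it in the commit message. Two related checks: the commit message says sntp creates the file while the transition is granted to `ntpd_t`, so confirm sntp runs in that domain, and since this is a named transition it matches only a file created directly as "ntp-kod", not one written under a temporary name and renamed.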