commit: 0402209aa9f09e25a1283661b79445d61a0babd6 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Sun Aug 14 18:57:29 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Wed Aug 17 16:46:55 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0402209a
Update the sysnetwork module to add some permissions needed by the dhcp client (another separate patch makes changes to the ifconfig part). Create auxiliary interfaces in the ntp module. The permission to execute restorecon/setfiles (required by the dhclient-script script and granted in a previous version of this patch) is not granted, as it does not break the script functioning. Include revisions from Chris PeBenito. Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net> policy/modules/contrib/ntp.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if index 192e342..f8534c6 100644 --- a/policy/modules/contrib/ntp.if +++ b/policy/modules/contrib/ntp.if @@ -101,6 +101,25 @@ interface(`ntp_initrc_domtrans',` ######################################## ## <summary> +## Read ntp conf files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`ntp_read_conf_files',` + gen_require(` + type ntp_conf_t; + ') + + files_search_etc($1) + read_files_pattern($1, ntp_conf_t, ntp_conf_t) +') + +######################################## +## <summary> ## Read ntp drift files. ## </summary> ## <param name="domain">
