commit:     a62050c31b26767018a3c7585b2905d9b7a40b0f
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon Jun 23 18:41:01 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Jun 25 19:04:46 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a62050c3

Add filetrans for ntp-kod file

sntp has a file used to persist the history of KoD responses
received from servers. The default is /var/db/ntp-kod.

This patch adds the fcontext and a filetrans so it can be created.

Changes from v1:
* use files_var_filetrans instead of filetrans_pattern

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

---
 policy/modules/contrib/ntp.fc | 1 +
 policy/modules/contrib/ntp.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index 147e480..89b9cb1 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -17,6 +17,7 @@
 
 /var/lib/ntp(/.*)?             gen_context(system_u:object_r:ntp_drift_t,s0)
 /var/lib/sntp-kod(/.*)?                
gen_context(system_u:object_r:ntp_drift_t,s0)
+/var/db/ntp-kod                --      
gen_context(system_u:object_r:ntp_drift_t,s0)
 
 /var/log/ntp.*         --      gen_context(system_u:object_r:ntpd_log_t,s0)
 /var/log/ntpstats(/.*)?                
gen_context(system_u:object_r:ntpd_log_t,s0)
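
Review bot: the new /var/db/ntp-kod entry sits directly after /var/lib/sntp-kod(/.*)?, which places a /var/db path inside the /var/lib group; moving it ahead of the /var/lib/ntp(/.*)? line, in its own group, would keep the file sorted by path. The entry is also limited by "--" to a regular file at exactly that path, which matches the "file" class used in the ntp.te transition, so a short comment tying the two together would make it clear the pair must be changed in step.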

diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te
index c37385e..37d974a 100644
--- a/policy/modules/contrib/ntp.te
+++ b/policy/modules/contrib/ntp.te
@@ -53,6 +53,7 @@ allow ntpd_t self:tcp_socket { accept listen };
 
 manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
 manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
+files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod")
 
 allow ntpd_t ntp_conf_t:file read_file_perms;
 
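
Review bot: files_var_filetrans(ntpd_t, ntp_drift_t, file, "ntp-kod") only takes effect when the file is created in a directory labeled var_t, while the commit message gives the default location as /var/db/ntp-kod, and nothing in this patch shows which type /var/db carries. Please confirm that /var/db is var_t on the target systems; if it is not, the named transition never fires and the file gets the parent directory's type instead of ntp_drift_t. The commit message also attributes the file to sntp while the rule is granted to ntpd_t, so a one-line comment above the rule stating which program creates the file and what it holds would help later readers.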
