[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Jason Zaman Mon, 12 Oct 2020 20:02:40 -0700

commit:     756a3f044b37130daf744a690cacc0f6fb3c8155
Author:     Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com>
AuthorDate: Mon Oct  5 14:59:27 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Oct 11 21:14:40 2020 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=756a3f04


ntp: allow systemd-timesyn to setfscreate

Fixes:

avc:  denied  { setfscreate } for  pid=68 comm="systemd-timesyn"
scontext=system_u:system_r:ntpd_t tcontext=system_u:system_r:ntpd_t
tclass=process permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/ntp.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index b9cc0ea2..34c674e1 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -141,6 +141,8 @@ userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
 userdom_list_user_home_dirs(ntpd_t)
 
 ifdef(`init_systemd',`
+       allow ntpd_t self:process setfscreate;
+
        allow ntpd_t ntpd_unit_t:file read_file_perms;
 
        dbus_system_bus_client(ntpd_t)

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Reply via email to