commit: 756a3f044b37130daf744a690cacc0f6fb3c8155
Author: Antoine Tenart <antoine.tenart <AT> bootlin <DOT> com>
AuthorDate: Mon Oct 5 14:59:27 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Oct 11 21:14:40 2020 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=756a3f04

ntp: allow systemd-timesyn to setfscreate Fixes: avc: denied { setfscreate } for pid=68 comm="systemd-timesyn" scontext=system_u:system_r:ntpd_t tcontext=system_u:system_r:ntpd_t tclass=process permissive=1 Signed-off-by: Antoine Tenart <antoine.tenart <AT> bootlin.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/ntp.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te index b9cc0ea2..34c674e1 100644 --- a/policy/modules/services/ntp.te +++ b/policy/modules/services/ntp.te @@ -141,6 +141,8 @@ userdom_dontaudit_use_unpriv_user_fds(ntpd_t) userdom_list_user_home_dirs(ntpd_t) ifdef(`init_systemd',` + allow ntpd_t self:process setfscreate; + allow ntpd_t ntpd_unit_t:file read_file_perms; dbus_system_bus_client(ntpd_t)
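
Review bot: The added `allow ntpd_t self:process setfscreate;` inside the init_systemd ifdef block applies to every process running in ntpd_t on systemd builds, while the quoted AVC is only for comm="systemd-timesyn", and neither the commit message nor the policy says which file the daemon labels at creation time. A one-line comment above the rule naming systemd-timesyncd and the path it creates would make the grant auditable later. The denial was also logged with permissive=1; setfscreate only covers setting the creation context, so it is worth confirming in enforcing mode that creating the object with the resulting type is already permitted by an existing rule.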