--- /usr/src/se/policy/domains/program/unused/ntpd.te 2004-09-29 00:49:58.000000000 +1000
+++ domains/program/unused/ntpd.te 2004-10-07 16:59:59.000000000 +1000
@@ -22,7 +22,7 @@
 # for SSP
 allow ntpd_t urandom_device_t:chr_file read;
-allow ntpd_t self:capability { setgid setuid sys_time net_bind_service ipc_lock };
+allow ntpd_t self:capability { kill setgid setuid sys_time net_bind_service ipc_lock sys_chroot };
 allow ntpd_t self:process { setcap setsched };
 # ntpdate wants sys_nice
 dontaudit ntpd_t self:capability { fsetid sys_nice };
@@ -50,7 +50,7 @@
 can_exec(ntpd_t, initrc_exec_t)
 allow ntpd_t self:fifo_file { read write getattr };
 allow ntpd_t etc_runtime_t:file r_file_perms;
-can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t logrotate_exec_t ntpd_exec_t })
+can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t ntpd_exec_t })
 allow ntpd_t { sbin_t bin_t }:dir search;
 allow ntpd_t bin_t:lnk_file read;
 allow ntpd_t sysctl_kernel_t:dir search;
@@ -59,6 +59,7 @@
 allow ntpd_t sysadm_home_dir_t:dir r_dir_perms;
 allow ntpd_t self:file { getattr read };
 dontaudit ntpd_t domain:dir search;
+ifdef(`logrotate.te', `can_exec(ntpd_t, logrotate_exec_t)')
 ')
 allow ntpd_t devtty_t:chr_file rw_file_perms;
--- /usr/src/se/policy/file_contexts/program/ntpd.fc 2004-06-17 15:10:43.000000000 +1000
+++ file_contexts/program/ntpd.fc 2004-10-07 17:00:11.000000000 +1000
@@ -1,6 +1,6 @@
 /var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
 /etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
-/etc/ntp\.conf -- system_u:object_r:net_conf_t
+/etc/ntp(d)?\.conf -- system_u:object_r:net_conf_t
 /etc/ntp/step-tickers -- system_u:object_r:net_conf_t
 /usr/sbin/ntpd -- system_u:object_r:ntpd_exec_t
 /usr/sbin/ntpdate -- system_u:object_r:ntpd_exec_t
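Review bot: The `kill` and `sys_chroot` capabilities added to the `allow ntpd_t self:capability` line in the first hunk carry no comment saying which ntpd operation needs them, unlike the neighbouring `# for SSP` and `# ntpdate wants sys_nice` lines. `kill` in particular is only consulted when signalling a process of a different uid, so it widens what a compromised ntpd_t can do well beyond signalling its own children; `sys_chroot` presumably serves ntpd's privilege-dropping jail mode, but that is an inference. If either was added in response to an AVC denial that does not break ntpd's function, a `dontaudit` in the style of the `fsetid sys_nice` line below would be the narrower choice. Suggested comment above the line: `# sys_chroot for the ntpd jail directory; kill for <operation> -- TODO confirm against the denial that prompted this`.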
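Review bot: The new `ifdef(`logrotate.te', `can_exec(ntpd_t, logrotate_exec_t)')` line in the third hunk sits just before a `')` that closes an m4 conditional opened outside the hunk, so whether it lands in the intended scope cannot be confirmed from the hunk alone; the matching removal is in the second hunk, where the old entry was part of the unconditional `can_exec` set. The guard keeps the policy buildable when logrotate.te is not compiled in, which deserves a one-line comment such as `# logrotate_exec_t only exists when logrotate.te is built`. Note also that `can_exec` runs logrotate inside ntpd_t rather than transitioning it to its own domain; if a logrotate domain exists in this policy set, a domain transition would keep ntpd_t's reach narrower, but that is a pre-existing design choice rather than something this hunk introduces.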
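Review bot: A point of style on the ntpd.fc hunk: `/etc/ntp(d)?\.conf` uses a capturing group around a single optional character, and the equivalent `/etc/ntpd?\.conf` reads more plainly and matches the same two paths. Both spellings label /etc/ntp.conf and /etc/ntpd.conf as net_conf_t, so behaviour is unchanged either way.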