--- /root/public_html/policy/nsa/domains/program/unused/ntpd.te 2004-10-02 01:38:20.000000000 +0300
+++ /etc/security/selinux/src/policy/domains/program/ntpd.te 2004-10-06 04:37:19.999115040 +0300
@@ -22,7 +22,7 @@
# for SSP
allow ntpd_t urandom_device_t:chr_file read;
-allow ntpd_t self:capability { setgid setuid sys_time net_bind_service ipc_lock };
+allow ntpd_t self:capability { setgid setuid sys_time net_bind_service ipc_lock sys_chroot kill };
allow ntpd_t self:process { setcap setsched };
# ntpdate wants sys_nice
dontaudit ntpd_t self:capability { fsetid sys_nice };
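Review bot: The new `kill` capability on the `+` line is granted without any justification, and CAP_KILL is only consulted when a process signals a task owned by a different uid, so an ntpd that has dropped to the ntp user and signals its own helpers should not need it; the SELinux `process:signal` rules still apply, but the capability removes the DAC check for every uid. The `sys_chroot` addition is presumably for `ntpd -i <jaildir>`, but that is an inference from the option name, not from anything in the hunk. Unlike the `sys_nice` line just below, neither addition carries a comment; I would add `# sys_chroot for ntpd -i <jaildir>; kill: confirm from audit log which target needs it` above the rule, and consider `dontaudit` for `kill` if the audit trail shows it is only probed rather than required.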
@@ -50,7 +50,7 @@
can_exec(ntpd_t, initrc_exec_t)
allow ntpd_t self:fifo_file { read write getattr };
allow ntpd_t etc_runtime_t:file r_file_perms;
-can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t logrotate_exec_t ntpd_exec_t })
+can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t ntpd_exec_t })
allow ntpd_t { sbin_t bin_t }:dir search;
allow ntpd_t bin_t:lnk_file read;
allow ntpd_t sysctl_kernel_t:dir search;
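Review bot: Dropping `logrotate_exec_t` from the `can_exec` list leaves a reader no hint that the permission is still granted, just conditionally, further down the file; a one-line comment such as `# logrotate_exec_t is granted under ifdef(logrotate.te) below` would prevent someone re-adding it here. Separately, the new side of this line still lets ntpd_t execute anything labelled `bin_t`, `sbin_t` or `shell_exec_t`, which is a very wide exec surface for a time daemon; that is pre-existing rather than introduced here, but since the line is being touched it would be worth a comment stating which ntpd/ntpdate behaviour actually needs shell and generic binary execution.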
@@ -59,6 +59,7 @@
allow ntpd_t sysadm_home_dir_t:dir r_dir_perms;
allow ntpd_t self:file { getattr read };
dontaudit ntpd_t domain:dir search;
+ifdef(`logrotate.te', `can_exec(ntpd_t,logrotate_exec_t)')
')
allow ntpd_t devtty_t:chr_file rw_file_perms;
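Review bot: The new `ifdef(\`logrotate.te', ...)` line sits immediately before the `')` that closes an enclosing `ifdef` whose opening is outside this hunk, so the logrotate exec grant is now conditional on both that outer macro and the presence of logrotate.te; if the original unconditional `can_exec` at line 53 was outside that outer block, this move silently narrows the grant on builds where the outer condition is false, so the placement should be confirmed. The argument spacing `can_exec(ntpd_t,logrotate_exec_t)` also differs from the `can_exec(ntpd_t, ...)` form used elsewhere in the file; I would write `ifdef(\`logrotate.te', \`can_exec(ntpd_t, logrotate_exec_t)')` with a preceding `# ntpd's log rotation invokes logrotate` comment so the reason for the grant is recorded.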
--- /root/public_html/policy/nsa/file_contexts/program/ntpd.fc 2004-06-25 23:02:43.000000000 +0300
+++ /etc/security/selinux/src/policy/file_contexts/program/ntpd.fc 2004-10-06 04:39:01.740647976 +0300
@@ -1,9 +1,9 @@
/var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
/etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
-/etc/ntp\.conf -- system_u:object_r:net_conf_t
+/etc/ntp(d)?\.conf -- system_u:object_r:net_conf_t
/etc/ntp/step-tickers -- system_u:object_r:net_conf_t
-/usr/sbin/ntpd -- system_u:object_r:ntpd_exec_t
-/usr/sbin/ntpdate -- system_u:object_r:ntpd_exec_t
+/usr/(s)?bin/ntpd -- system_u:object_r:ntpd_exec_t
+/usr/(s)?bin/ntpdate -- system_u:object_r:ntpd_exec_t
/var/log/ntpstats(/.*)? system_u:object_r:ntpd_log_t
/var/log/ntpd.* -- system_u:object_r:ntpd_log_t
/var/log/xntpd.* -- system_u:object_r:ntpd_log_t