* [refpolicy] Updated ntp policy
@ 2008-08-25 15:52 Daniel J Walsh
2008-09-11 14:53 ` Christopher J. PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Daniel J Walsh @ 2008-08-25 15:52 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
Added support for ntpd_key_t for defining crypto information. Prevent
other domains from reading.
ntp needs getcap
Uses shm for talking to certain time devices.
Add gpsd support
Talks to ptmx also for time devices
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] Updated ntp policy
2008-08-25 15:52 [refpolicy] Updated ntp policy Daniel J Walsh
@ 2008-09-11 14:53 ` Christopher J. PeBenito
2008-09-11 15:28 ` Daniel J Walsh
0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2008-09-11 14:53 UTC (permalink / raw)
To: refpolicy
On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
>
> Added support for ntpd_key_t for defining crypto information. Prevent
> other domains from reading.
>
> ntp needs getcap
> Uses shm for talking to certain time devices.
>
> Add gpsd support
>
> Talks to ptmx also for time devices
One thing that is weird is this:
+# Necessary to communicate with gpsd devices
+fs_rw_tmpfs_files(ntpd_t)
it sounds like there is a missing filetrans here.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] Updated ntp policy
2008-09-11 14:53 ` Christopher J. PeBenito
@ 2008-09-11 15:28 ` Daniel J Walsh
0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2008-09-11 15:28 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch
>>
>> Added support for ntpd_key_t for defining crypto information. Prevent
>> other domains from reading.
>>
>> ntp needs getcap
>> Uses shm for talking to certain time devices.
>>
>> Add gpsd support
>>
>> Talks to ptmx also for time devices
>
> One thing that is weird is this:
>
> +# Necessary to communicate with gpsd devices
> +fs_rw_tmpfs_files(ntpd_t)
>
> it sounds like there is a missing filetrans here.
>
We can try this, but I am not sure if the gpsd device created the file
for communication in the tmpfs first.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjJORkACgkQrlYvE4MpobP3qACgl03CsnZszhrbw1btj3dpnmBj
wSEAoOZ7PgaxWA9r2j7FH6pDqMlKGTUK
=/dSp
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-09-11 15:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-08-25 15:52 [refpolicy] Updated ntp policy Daniel J Walsh
2008-09-11 14:53 ` Christopher J. PeBenito
2008-09-11 15:28 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.