* [refpolicy] Updated ntp policy @ 2008-08-25 15:52 Daniel J Walsh 2008-09-11 14:53 ` Christopher J. PeBenito 0 siblings, 1 reply; 3+ messages in thread From: Daniel J Walsh @ 2008-08-25 15:52 UTC (permalink / raw) To: refpolicy http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch Added support for ntpd_key_t for defining crypto information. Prevent other domains from reading. ntp needs getcap Uses shm for talking to certain time devices. Add gpsd support Talks to ptmx also for time devices ^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] Updated ntp policy 2008-08-25 15:52 [refpolicy] Updated ntp policy Daniel J Walsh @ 2008-09-11 14:53 ` Christopher J. PeBenito 2008-09-11 15:28 ` Daniel J Walsh 0 siblings, 1 reply; 3+ messages in thread From: Christopher J. PeBenito @ 2008-09-11 14:53 UTC (permalink / raw) To: refpolicy On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch > > Added support for ntpd_key_t for defining crypto information. Prevent > other domains from reading. > > ntp needs getcap > Uses shm for talking to certain time devices. > > Add gpsd support > > Talks to ptmx also for time devices One thing that is weird is this: +# Necessary to communicate with gpsd devices +fs_rw_tmpfs_files(ntpd_t) it sounds like there is a missing filetrans here. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [refpolicy] Updated ntp policy 2008-09-11 14:53 ` Christopher J. PeBenito @ 2008-09-11 15:28 ` Daniel J Walsh 0 siblings, 0 replies; 3+ messages in thread From: Daniel J Walsh @ 2008-09-11 15:28 UTC (permalink / raw) To: refpolicy -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christopher J. PeBenito wrote: > On Mon, 2008-08-25 at 11:52 -0400, Daniel J Walsh wrote: >> http://people.fedoraproject.org/~dwalsh/SELinux/Policy/services_ntp.patch >> >> Added support for ntpd_key_t for defining crypto information. Prevent >> other domains from reading. >> >> ntp needs getcap >> Uses shm for talking to certain time devices. >> >> Add gpsd support >> >> Talks to ptmx also for time devices > > One thing that is weird is this: > > +# Necessary to communicate with gpsd devices > +fs_rw_tmpfs_files(ntpd_t) > > it sounds like there is a missing filetrans here. > We can try this, but I am not sure if the gpsd device created the file for communication in the tmpfs first. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjJORkACgkQrlYvE4MpobP3qACgl03CsnZszhrbw1btj3dpnmBj wSEAoOZ7PgaxWA9r2j7FH6pDqMlKGTUK =/dSp -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-09-11 15:28 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-08-25 15:52 [refpolicy] Updated ntp policy Daniel J Walsh 2008-09-11 14:53 ` Christopher J. PeBenito 2008-09-11 15:28 ` Daniel J Walsh
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.