From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 10 Aug 2012 12:59:07 -0400
Subject: [refpolicy] ntp issue
In-Reply-To: <1344615611.6662.4.camel@d30.localdomain>
References: <1344615611.6662.4.camel@d30.localdomain>
Message-ID: <50253DDB.9060206@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/10/12 12:20, Dominick Grift wrote:
> I was playing with ntp_admin() and i figured out that /etc/ntp.conf is
> labeled net_conf_t. What is the rationale behind that decision, I dont
> see it?

I'd say its a mistake.

> Whatever the reason for this is, its not implemented properly. The
> net_conf_t type should not be used in the ntp.fc file.
> 
> Instead, if one really wants /etc/ntp.conf to be net_conf_t, then move
> the fc spec to sysnetwork.fc
> 
> But again i dont see why this file has to be net_conf_t. Its not good
> for ntp_admin either. I wouldnt want my ntp_admin to have access to
> net_conf_t files just so that he is able to manage ntp config files

I'm fine with a patch that makes a ntp_conf_t.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com