selinux-refpolicy/policy/modules/services/ntp.fc
Russell Coker 54136fa311 more tiny stuff
I think the old timesync labelling wasn't working anyway due to -- for a
directory name.

A couple of patches for devicekit calling dmidecode (this is part of replacing
some kmem access that was discussed on this list and rejected as a misfeature
in Debian DMI related code ages ago).

The rest should be obvious.
2019-01-20 16:20:33 -05:00

42 lines
2.3 KiB
Plaintext

/etc/cron\.daily/ntp -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/etc/cron\.(daily|weekly)/ntp-simple -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/etc/ntp\.conf -- gen_context(system_u:object_r:ntp_conf_t,s0)
/etc/ntp\.drift -- gen_context(system_u:object_r:ntp_drift_t,s0)
/etc/ntpd.*\.conf.* -- gen_context(system_u:object_r:ntp_conf_t,s0)
/etc/ntp/crypto(/.*)? gen_context(system_u:object_r:ntpd_key_t,s0)
/etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
/etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0)
/etc/ntp/step-tickers.* -- gen_context(system_u:object_r:ntp_conf_t,s0)
/etc/rc\.d/init\.d/ntpd? -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)
/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_pid_t,s0)
/run/systemd/timesync(/.*)? gen_context(system_u:object_r:ntpd_pid_t,s0)
/usr/bin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/bin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
/usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
/usr/lib/systemd/ntp-units\.d/.* -- gen_context(system_u:object_r:ntpd_unit_t,s0)
/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)
/usr/lib/systemd/systemd-timedated -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/lib/systemd/systemd-timesyncd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
/usr/sbin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
/var/db/ntp-kod -- gen_context(system_u:object_r:ntp_drift_t,s0)
/var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
/var/lib/sntp-kod(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
/var/lib/systemd/clock -- gen_context(system_u:object_r:ntp_drift_t,s0)
/var/lib/systemd/timesync(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
/var/lock/ntpdate -- gen_context(system_u:object_r:ntpd_lock_t,s0)
/var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
/var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0)
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)