[refpolicy] [PATCH 0/5-v3] Updates for chronyd

[refpolicy] [PATCH 0/5-v3] Updates for chronyd

[David Sugar]

 
This patch set is several changes to the chronyd module to achieve the following things:

1) Separate type for /etc/chrony.conf along with interfaces.
??? v2 - fix a comment in the patch
2) Interfaces to start/stop/status/etc.. the chronyd service
??? v2 - fix a comment in the patch
3) Allow chronyd to send/recv ntp client packets
4) New type for chronyc - it is run from chrony-wait.service but it was running in init_t domain
??? v2 - incorporate feedback on interface names & fix denial related to chowning /var/run/chrony
5) Add interface to domtrans into chronyc domain
??? v2 - incorporate feedback on interface names & allow cli access to tty

I have updated based on feedback.? I'm re-submitting the whole set.? I hope this is easiest for Chris when merging.? Only 3/5 has NOT changed.

v3 - don't submit as HTML emails - I'm not sure why that happened.

?chronyd.fc |?? 2 +
?chronyd.if | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
?chronyd.te |? 60 ++++++++++++++++++++++-
?3 files changed, 221 insertions(+), 2 deletions(-)

-- 
2.14.3    

[refpolicy] [PATCH 0/5-v3] Updates for chronyd

[Chris PeBenito]

On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
>   
> This patch set is several changes to the chronyd module to achieve the following things:
> 
> 1) Separate type for /etc/chrony.conf along with interfaces.
>  ??? v2 - fix a comment in the patch
> 2) Interfaces to start/stop/status/etc.. the chronyd service
>  ??? v2 - fix a comment in the patch
> 3) Allow chronyd to send/recv ntp client packets
> 4) New type for chronyc - it is run from chrony-wait.service but it was running in init_t domain
>  ??? v2 - incorporate feedback on interface names & fix denial related to chowning /var/run/chrony
> 5) Add interface to domtrans into chronyc domain
>  ??? v2 - incorporate feedback on interface names & allow cli access to tty
> 
> I have updated based on feedback.? I'm re-submitting the whole set.? I hope this is easiest for Chris when merging.? Only 3/5 has NOT changed.
> 
> v3 - don't submit as HTML emails - I'm not sure why that happened.
> 
>  ?chronyd.fc |?? 2 +
>  ?chronyd.if | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  ?chronyd.te |? 60 ++++++++++++++++++++++-
>  ?3 files changed, 221 insertions(+), 2 deletions(-)

These still don't apply with git am.  There are conflicts and fuzz.


-- 
Chris PeBenito

[refpolicy] [PATCH 0/5-v3] Updates for chronyd

[David Sugar]

> -----Original Message-----
> From: Chris PeBenito [mailto:pebenito at ieee.org]
> Sent: Tuesday, February 27, 2018 5:24 PM
> To: David Sugar; refpolicy at oss.tresys.com
> Subject: Re: [refpolicy] [PATCH 0/5-v3] Updates for chronyd
> 
> On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
> >
> > This patch set is several changes to the chronyd module to achieve the
> following things:
> >
> > 1) Separate type for /etc/chrony.conf along with interfaces.
> >  ??? v2 - fix a comment in the patch
> > 2) Interfaces to start/stop/status/etc.. the chronyd service
> >  ??? v2 - fix a comment in the patch
> > 3) Allow chronyd to send/recv ntp client packets
> > 4) New type for chronyc - it is run from chrony-wait.service but it
> was running in init_t domain
> >  ??? v2 - incorporate feedback on interface names & fix denial related
> to chowning /var/run/chrony
> > 5) Add interface to domtrans into chronyc domain
> >  ??? v2 - incorporate feedback on interface names & allow cli access
> to tty
> >
> > I have updated based on feedback.? I'm re-submitting the whole set.? I
> hope this is easiest for Chris when merging.? Only 3/5 has NOT changed.
> >
> > v3 - don't submit as HTML emails - I'm not sure why that happened.
> >
> >  ?chronyd.fc |?? 2 +
> >  ?chronyd.if | 161
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  ?chronyd.te |? 60 ++++++++++++++++++++++-
> >  ?3 files changed, 221 insertions(+), 2 deletions(-)
> 
> These still don't apply with git am.  There are conflicts and fuzz.
> 

I'm not sure what is wrong.  I just rebased to the latest refpolicy-contrib and remade the patches.  They are exactly the same as what I sent in v3 (there have not been any other changes in chronyd policy for a while).  Except that tabs were replaced with spaces in the email.  Could that be causing diff to complain?  I can try creating them again and just make sure that tabs get into the email that I send and hope the mail server somewhere isn't causing problems.

Dave Sugar
dsugar at tresys.com

> 
> --
> Chris PeBenito

[refpolicy] [PATCH 0/5-v3] Updates for chronyd

[Chris PeBenito]

On 02/27/2018 07:25 PM, David Sugar via refpolicy wrote:
> 
> 
>> -----Original Message-----
>> From: Chris PeBenito [mailto:pebenito at ieee.org]
>> Sent: Tuesday, February 27, 2018 5:24 PM
>> To: David Sugar; refpolicy at oss.tresys.com
>> Subject: Re: [refpolicy] [PATCH 0/5-v3] Updates for chronyd
>>
>> On 02/24/2018 09:37 AM, David Sugar via refpolicy wrote:
>>>
>>> This patch set is several changes to the chronyd module to achieve the
>> following things:
>>>
>>> 1) Separate type for /etc/chrony.conf along with interfaces.
>>>   ??? v2 - fix a comment in the patch
>>> 2) Interfaces to start/stop/status/etc.. the chronyd service
>>>   ??? v2 - fix a comment in the patch
>>> 3) Allow chronyd to send/recv ntp client packets
>>> 4) New type for chronyc - it is run from chrony-wait.service but it
>> was running in init_t domain
>>>   ??? v2 - incorporate feedback on interface names & fix denial related
>> to chowning /var/run/chrony
>>> 5) Add interface to domtrans into chronyc domain
>>>   ??? v2 - incorporate feedback on interface names & allow cli access
>> to tty
>>>
>>> I have updated based on feedback.? I'm re-submitting the whole set.? I
>> hope this is easiest for Chris when merging.? Only 3/5 has NOT changed.
>>>
>>> v3 - don't submit as HTML emails - I'm not sure why that happened.
>>>
>>>   ?chronyd.fc |?? 2 +
>>>   ?chronyd.if | 161
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>   ?chronyd.te |? 60 ++++++++++++++++++++++-
>>>   ?3 files changed, 221 insertions(+), 2 deletions(-)
>>
>> These still don't apply with git am.  There are conflicts and fuzz.
>>
> 
> I'm not sure what is wrong.  I just rebased to the latest refpolicy-contrib and remade the patches.  They are exactly the same as what I sent in v3 (there have not been any other changes in chronyd policy for a while).  Except that tabs were replaced with spaces in the email.  Could that be causing diff to complain?  I can try creating them again and just make sure that tabs get into the email that I send and hope the mail server somewhere isn't causing problems.

If you want to put it as a pull request on GitHub, that's fine.

-- 
Chris PeBenito