All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
@ 2018-04-14 16:36 Guido Trentalancia
  2018-04-15 21:24 ` Chris PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-14 16:36 UTC (permalink / raw)
  To: refpolicy

The ntp_run() interface is modified so that it also allows
to run ntpdate and not just ntpd.

The comment in the ntpdate is changed to reflect the fact
that ntpdate is a client and not a server.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/contrib/ntp.if |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
--- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647 +0200
+++ b/policy/modules/contrib/ntp.if	2018-04-14 18:14:18.537666188 +0200
@@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
 
 ########################################
 ## <summary>
-##	Execute ntp in the ntp domain, and
-##	allow the specified role the ntp domain.
+##	Execute ntp or ntpdate in the ntp domain,
+##	and allow the specified role the ntp domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -76,12 +76,13 @@ interface(`ntp_run',`
 	')
 
 	ntp_domtrans($1)
+	ntp_domtrans_ntpdate($1)
 	roleattribute $2 ntpd_roles;
 ')
 
 ########################################
 ## <summary>
-##	Execute ntpdate server in the ntpd domain.
+##	Execute ntpdate client in the ntpd domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
  2018-04-14 16:36 [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate Guido Trentalancia
@ 2018-04-15 21:24 ` Chris PeBenito
  2018-04-15 21:47   ` Guido Trentalancia
  2018-04-16  9:39   ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia
  0 siblings, 2 replies; 4+ messages in thread
From: Chris PeBenito @ 2018-04-15 21:24 UTC (permalink / raw)
  To: refpolicy

On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
> The ntp_run() interface is modified so that it also allows
> to run ntpdate and not just ntpd.
> 
> The comment in the ntpdate is changed to reflect the fact
> that ntpdate is a client and not a server.
> 
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
>   policy/modules/contrib/ntp.if |    7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
> --- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647 +0200
> +++ b/policy/modules/contrib/ntp.if	2018-04-14 18:14:18.537666188 +0200
> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>   
>   ########################################
>   ## <summary>
> -##	Execute ntp in the ntp domain, and
> -##	allow the specified role the ntp domain.
> +##	Execute ntp or ntpdate in the ntp domain,
> +##	and allow the specified role the ntp domain.
>   ## </summary>
>   ## <param name="domain">
>   ##	<summary>
> @@ -76,12 +76,13 @@ interface(`ntp_run',`
>   	')
>   
>   	ntp_domtrans($1)
> +	ntp_domtrans_ntpdate($1)
>   	roleattribute $2 ntpd_roles;
>   ')
>   

This definitely needs to be in a separate interface, ntp_run_ntpdate().


-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
  2018-04-15 21:24 ` Chris PeBenito
@ 2018-04-15 21:47   ` Guido Trentalancia
  2018-04-16  9:39   ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia
  1 sibling, 0 replies; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-15 21:47 UTC (permalink / raw)
  To: refpolicy

That's fine to me, I was undecided...

Regards,

Guido

On the 15th of april 2018 23:24:19 CEST, Chris PeBenito <pebenito@ieee.org> wrote:
>On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
>> The ntp_run() interface is modified so that it also allows
>> to run ntpdate and not just ntpd.
>> 
>> The comment in the ntpdate is changed to reflect the fact
>> that ntpdate is a client and not a server.
>> 
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>>   policy/modules/contrib/ntp.if |    7 ++++---
>>   1 file changed, 4 insertions(+), 3 deletions(-)
>> 
>> diff -pru a/policy/modules/contrib/ntp.if
>b/policy/modules/contrib/ntp.if
>> --- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647
>+0200
>> +++ b/policy/modules/contrib/ntp.if	2018-04-14 18:14:18.537666188
>+0200
>> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>>   
>>   ########################################
>>   ## <summary>
>> -##	Execute ntp in the ntp domain, and
>> -##	allow the specified role the ntp domain.
>> +##	Execute ntp or ntpdate in the ntp domain,
>> +##	and allow the specified role the ntp domain.
>>   ## </summary>
>>   ## <param name="domain">
>>   ##	<summary>
>> @@ -76,12 +76,13 @@ interface(`ntp_run',`
>>   	')
>>   
>>   	ntp_domtrans($1)
>> +	ntp_domtrans_ntpdate($1)
>>   	roleattribute $2 ntpd_roles;
>>   ')
>>   
>
>This definitely needs to be in a separate interface, ntp_run_ntpdate().

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2 v2] contrib: ntp interface runs both ntpd and ntpdate
  2018-04-15 21:24 ` Chris PeBenito
  2018-04-15 21:47   ` Guido Trentalancia
@ 2018-04-16  9:39   ` Guido Trentalancia
  1 sibling, 0 replies; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-16  9:39 UTC (permalink / raw)
  To: refpolicy

A new ntp_run_ntpdate() interface is added so that it is possible
to run ntpdate with a domain transition and not just ntpd.

The comment in the ntpdate is changed to reflect the fact
that ntpdate is a client and not a server.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/contrib/ntp.if |   28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

--- a/policy/modules/contrib/ntp.if	2017-09-29 19:01:55.171455647 +0200
+++ b/policy/modules/contrib/ntp.if	2018-04-16 11:31:12.058684850 +0200
@@ -81,7 +81,7 @@ interface(`ntp_run',`
 
 ########################################
 ## <summary>
-##	Execute ntpdate server in the ntpd domain.
+##	Execute ntpdate client in the ntpd domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -99,6 +99,32 @@ interface(`ntp_domtrans_ntpdate',`
 ')
 
 ########################################
+## <summary>
+##	Execute ntpdate in the ntp domain, and
+##	allow the specified role the ntp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`ntp_run_ntpdate',`
+	gen_require(`
+		attribute_role ntpd_roles;
+	')
+
+	ntp_domtrans_ntpdate($1)
+	roleattribute $2 ntpd_roles;
+')
+
+########################################
 ## <summary>
 ##	Execute ntpd init scripts in
 ##	the init script domain.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-04-16  9:39 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-14 16:36 [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate Guido Trentalancia
2018-04-15 21:24 ` Chris PeBenito
2018-04-15 21:47   ` Guido Trentalancia
2018-04-16  9:39   ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.