* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
@ 2018-04-14 16:36 Guido Trentalancia
2018-04-15 21:24 ` Chris PeBenito
0 siblings, 1 reply; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-14 16:36 UTC (permalink / raw)
To: refpolicy
The ntp_run() interface is modified so that it also allows
to run ntpdate and not just ntpd.
The comment in the ntpdate is changed to reflect the fact
that ntpdate is a client and not a server.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
policy/modules/contrib/ntp.if | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
--- a/policy/modules/contrib/ntp.if 2017-09-29 19:01:55.171455647 +0200
+++ b/policy/modules/contrib/ntp.if 2018-04-14 18:14:18.537666188 +0200
@@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
########################################
## <summary>
-## Execute ntp in the ntp domain, and
-## allow the specified role the ntp domain.
+## Execute ntp or ntpdate in the ntp domain,
+## and allow the specified role the ntp domain.
## </summary>
## <param name="domain">
## <summary>
@@ -76,12 +76,13 @@ interface(`ntp_run',`
')
ntp_domtrans($1)
+ ntp_domtrans_ntpdate($1)
roleattribute $2 ntpd_roles;
')
########################################
## <summary>
-## Execute ntpdate server in the ntpd domain.
+## Execute ntpdate client in the ntpd domain.
## </summary>
## <param name="domain">
## <summary>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
2018-04-14 16:36 [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate Guido Trentalancia
@ 2018-04-15 21:24 ` Chris PeBenito
2018-04-15 21:47 ` Guido Trentalancia
2018-04-16 9:39 ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia
0 siblings, 2 replies; 4+ messages in thread
From: Chris PeBenito @ 2018-04-15 21:24 UTC (permalink / raw)
To: refpolicy
On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
> The ntp_run() interface is modified so that it also allows
> to run ntpdate and not just ntpd.
>
> The comment in the ntpdate is changed to reflect the fact
> that ntpdate is a client and not a server.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
> policy/modules/contrib/ntp.if | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff -pru a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
> --- a/policy/modules/contrib/ntp.if 2017-09-29 19:01:55.171455647 +0200
> +++ b/policy/modules/contrib/ntp.if 2018-04-14 18:14:18.537666188 +0200
> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>
> ########################################
> ## <summary>
> -## Execute ntp in the ntp domain, and
> -## allow the specified role the ntp domain.
> +## Execute ntp or ntpdate in the ntp domain,
> +## and allow the specified role the ntp domain.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> @@ -76,12 +76,13 @@ interface(`ntp_run',`
> ')
>
> ntp_domtrans($1)
> + ntp_domtrans_ntpdate($1)
> roleattribute $2 ntpd_roles;
> ')
>
This definitely needs to be in a separate interface, ntp_run_ntpdate().
--
Chris PeBenito
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate
2018-04-15 21:24 ` Chris PeBenito
@ 2018-04-15 21:47 ` Guido Trentalancia
2018-04-16 9:39 ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia
1 sibling, 0 replies; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-15 21:47 UTC (permalink / raw)
To: refpolicy
That's fine to me, I was undecided...
Regards,
Guido
On the 15th of april 2018 23:24:19 CEST, Chris PeBenito <pebenito@ieee.org> wrote:
>On 04/14/2018 12:36 PM, Guido Trentalancia via refpolicy wrote:
>> The ntp_run() interface is modified so that it also allows
>> to run ntpdate and not just ntpd.
>>
>> The comment in the ntpdate is changed to reflect the fact
>> that ntpdate is a client and not a server.
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>> ---
>> policy/modules/contrib/ntp.if | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff -pru a/policy/modules/contrib/ntp.if
>b/policy/modules/contrib/ntp.if
>> --- a/policy/modules/contrib/ntp.if 2017-09-29 19:01:55.171455647
>+0200
>> +++ b/policy/modules/contrib/ntp.if 2018-04-14 18:14:18.537666188
>+0200
>> @@ -55,8 +55,8 @@ interface(`ntp_domtrans',`
>>
>> ########################################
>> ## <summary>
>> -## Execute ntp in the ntp domain, and
>> -## allow the specified role the ntp domain.
>> +## Execute ntp or ntpdate in the ntp domain,
>> +## and allow the specified role the ntp domain.
>> ## </summary>
>> ## <param name="domain">
>> ## <summary>
>> @@ -76,12 +76,13 @@ interface(`ntp_run',`
>> ')
>>
>> ntp_domtrans($1)
>> + ntp_domtrans_ntpdate($1)
>> roleattribute $2 ntpd_roles;
>> ')
>>
>
>This definitely needs to be in a separate interface, ntp_run_ntpdate().
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] [PATCH 2/2 v2] contrib: ntp interface runs both ntpd and ntpdate
2018-04-15 21:24 ` Chris PeBenito
2018-04-15 21:47 ` Guido Trentalancia
@ 2018-04-16 9:39 ` Guido Trentalancia
1 sibling, 0 replies; 4+ messages in thread
From: Guido Trentalancia @ 2018-04-16 9:39 UTC (permalink / raw)
To: refpolicy
A new ntp_run_ntpdate() interface is added so that it is possible
to run ntpdate with a domain transition and not just ntpd.
The comment in the ntpdate is changed to reflect the fact
that ntpdate is a client and not a server.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
policy/modules/contrib/ntp.if | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
--- a/policy/modules/contrib/ntp.if 2017-09-29 19:01:55.171455647 +0200
+++ b/policy/modules/contrib/ntp.if 2018-04-16 11:31:12.058684850 +0200
@@ -81,7 +81,7 @@ interface(`ntp_run',`
########################################
## <summary>
-## Execute ntpdate server in the ntpd domain.
+## Execute ntpdate client in the ntpd domain.
## </summary>
## <param name="domain">
## <summary>
@@ -99,6 +99,32 @@ interface(`ntp_domtrans_ntpdate',`
')
########################################
+## <summary>
+## Execute ntpdate in the ntp domain, and
+## allow the specified role the ntp domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`ntp_run_ntpdate',`
+ gen_require(`
+ attribute_role ntpd_roles;
+ ')
+
+ ntp_domtrans_ntpdate($1)
+ roleattribute $2 ntpd_roles;
+')
+
+########################################
## <summary>
## Execute ntpd init scripts in
## the init script domain.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-04-16 9:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-14 16:36 [refpolicy] [PATCH 2/2] contrib: ntp interface runs both ntpd and ntpdate Guido Trentalancia
2018-04-15 21:24 ` Chris PeBenito
2018-04-15 21:47 ` Guido Trentalancia
2018-04-16 9:39 ` [refpolicy] [PATCH 2/2 v2] " Guido Trentalancia
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.