fc3 ntpd shm policy rule

gnu not unix gnu at wraith.sf.ca.us
Tue Aug 16 21:33:50 UTC 2005

Hi folks--

I've been running  fc3 / ccrma selinux and needed to add a
policy to allow ntpd shm access:

allow ntpd_t self:shm { associate create read unix_read unix_write write };
allow ntpd_t tmpfs_t:file { read write };

I put this in my domains/misc/local.te and make reload
and I was in business.

I'm not sure if this would be something you'd want to always
enable, as a typical ntpd uses third party clocks, on the internet
or corportate wan, etc. 

Perhaps a ntpd.client policy for generic, default use,
and an ntpd.refclock policy for all the device and other access
needed to talk to refclocks?

trying to get a feel for selinux

More information about the fedora-selinux-list mailing list