fc3 ntpd shm policy rule
gnu not unix
gnu at wraith.sf.ca.us
Tue Aug 16 21:33:50 UTC 2005
Hi folks--

I've been running fc3 / ccrma selinux and needed to add a
policy to allow ntpd shm access:

    allow ntpd_t self:shm { associate create read unix_read unix_write write };
    allow ntpd_t tmpfs_t:file { read write };

I put this in my domains/misc/local.te and make reload
and I was in business.

I'm not sure if this would be something you'd want to always
enable, as a typical ntpd uses third party clocks, on the internet
or corporate wan, etc.

Perhaps an ntpd.client policy for generic, default use,
and an ntpd.refclock policy for all the device and other access
needed to talk to refclocks?

../Steven
trying to get a feel for selinux
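
Added example, not part of the original message: a small Python sketch of how AVC denials for one domain can be merged into allow rules like the two quoted above, so the granted permissions can be checked against what was actually denied. The log lines, pids, key and inode values are constructed for illustration, and denials_to_rules is a hypothetical helper, not a tool from the policy sources.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials (not taken from the message); pids, key,
# name and inode values are made up for illustration.
SAMPLE_LOG = """\
audit(1124227000.101:0): avc:  denied  { create } for  pid=2101 exe=/usr/sbin/ntpd key=1314148400 scontext=system_u:system_r:ntpd_t tcontext=system_u:system_r:ntpd_t tclass=shm
audit(1124227000.102:0): avc:  denied  { associate read write unix_read unix_write } for  pid=2101 exe=/usr/sbin/ntpd key=1314148400 scontext=system_u:system_r:ntpd_t tcontext=system_u:system_r:ntpd_t tclass=shm
audit(1124227000.103:0): avc:  denied  { read write } for  pid=2101 exe=/usr/sbin/ntpd name=SYSV4e545030 dev=tmpfs ino=32768 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=file
audit(1124227000.104:0): avc:  denied  { name_bind } for  pid=2400 exe=/usr/sbin/httpd scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)")


def context_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    return context.split(":")[2]


def denials_to_rules(log_text, domain):
    """Merge AVC denials whose source type is `domain` into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        source = context_type(m.group("scon"))
        if source != domain:
            continue  # leave other domains' denials out of this policy
        target = context_type(m.group("tcon"))
        if target == source:
            target = "self"  # a domain acting on its own objects
        merged[(target, m.group("tclass"))].update(m.group("perms").split())
    return [f"allow {domain} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (t, c), p in sorted(merged.items())]


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG, "ntpd_t"):
        print(rule)
```

Filtering on the source type keeps unrelated denials (the constructed httpd line here) from being folded into the ntpd rules.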