Hi folks--
I've been running fc3 / ccrma selinux and needed to add a
policy to allow ntpd shm access:
allow ntpd_t self:shm { associate create read unix_read unix_write write };
allow ntpd_t tmpfs_t:file { read write };
I put this in my domains/misc/local.te and make reload
and I was in business.
I'm not sure if this would be something you'd want to always
enable, as a typical ntpd uses third party clocks, on the internet
or corportate wan, etc.
Perhaps a ntpd.client policy for generic, default use,
and an ntpd.refclock policy for all the device and other access
needed to talk to refclocks?
../Steven
trying to get a feel for selinux
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
