249288 – ntp policy improvement

Bug 249288 - ntp policy improvement

Summary: ntp policy improvement

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	139673
TreeView+	depends on / blocked

Reported:	2007-07-23 15:12 UTC by Miroslav Lichvar
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-09-06 15:17:25 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Miroslav Lichvar 2007-07-23 15:12:31 UTC

Description of problem:
I'm preparing a support for public key cryptography in the ntp package and it
would be nice if the keys had a different context so other daemons can't read
them. The keys will be manually generated by administrator with ntp-keygen in
/etc/ntp/crypto directory or copied from another host.

Would be also good to mark the /etc/ntp/keys file used for symmetric key
cryptography.

Please add to ntp.fc something like this:

/etc/ntp/crypto(/.*)?         gen_context(system_u:object_r:ntpd_key_t,s0)
/etc/ntp/keys              -- gen_context(system_u:object_r:ntpd_key_t,s0)

and allow ntpd and ntpdate to read the keys.

Thanks.

Comment 1 Daniel Walsh 2007-09-06 15:17:25 UTC

Fixed in selinux-polciy-3.0.7-1

Note You need to log in before you can comment on or make changes to this bug.