Description of problem: I'm preparing a support for public key cryptography in the ntp package and it would be nice if the keys had a different context so other daemons can't read them. The keys will be manually generated by administrator with ntp-keygen in /etc/ntp/crypto directory or copied from another host. Would be also good to mark the /etc/ntp/keys file used for symmetric key cryptography. Please add to ntp.fc something like this: /etc/ntp/crypto(/.*)? gen_context(system_u:object_r:ntpd_key_t,s0) /etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0) and allow ntpd and ntpdate to read the keys. Thanks.
Fixed in selinux-polciy-3.0.7-1