Bug 249288 – ntp policy improvement

Bug 249288 - ntp policy improvement

Summary:	ntp policy improvement

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	139673
	Show dependency tree / graph

Reported:	2007-07-23 11:12 EDT by Miroslav Lichvar
Modified:	2007-11-30 17:12 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-09-06 11:17:25 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Miroslav Lichvar 2007-07-23 11:12:31 EDT

Description of problem:
I'm preparing a support for public key cryptography in the ntp package and it
would be nice if the keys had a different context so other daemons can't read
them. The keys will be manually generated by administrator with ntp-keygen in
/etc/ntp/crypto directory or copied from another host.

Would be also good to mark the /etc/ntp/keys file used for symmetric key
cryptography.

Please add to ntp.fc something like this:

/etc/ntp/crypto(/.*)?         gen_context(system_u:object_r:ntpd_key_t,s0)
/etc/ntp/keys              -- gen_context(system_u:object_r:ntpd_key_t,s0)

and allow ntpd and ntpdate to read the keys.

Thanks.

Comment 1 Daniel Walsh 2007-09-06 11:17:25 EDT

Fixed in selinux-polciy-3.0.7-1

Note You need to log in before you can comment on or make changes to this bug.