Red Hat Bugzilla – Bug 249288
ntp policy improvement
Last modified: 2007-11-30 17:12:11 EST
Description of problem:
I'm preparing a support for public key cryptography in the ntp package and it
would be nice if the keys had a different context so other daemons can't read
them. The keys will be manually generated by administrator with ntp-keygen in
/etc/ntp/crypto directory or copied from another host.
Would be also good to mark the /etc/ntp/keys file used for symmetric key
Please add to ntp.fc something like this:
/etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0)
and allow ntpd and ntpdate to read the keys.
Fixed in selinux-polciy-3.0.7-1