usr.sbin.ntpd (2216B)
- # ------------------------------------------------------------------
- #
- # Copyright (C) 2002-2009 Novell/SUSE
- # Copyright (C) 2010 Canonical Ltd.
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of version 2 of the GNU General Public
- # License published by the Free Software Foundation.
- #
- # ------------------------------------------------------------------
- abi <abi/3.0>,
- include <tunables/global>
- include <tunables/ntpd>
- profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
- include <abstractions/base>
- include <abstractions/nameservice>
- include <abstractions/openssl>
- include <abstractions/ssl_certs>
- include <abstractions/xad>
- capability dac_override,
- capability ipc_lock,
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_chroot,
- capability sys_resource,
- capability sys_time,
- capability sys_nice,
- network unspec dgram,
- /drift/ntp.drift rwl,
- /drift/ntp.drift.TEMP rwl,
- /etc/ntp.conf r,
- /etc/ntp/drift* rwl,
- /etc/ntp.keys r,
- /etc/ntp/step-tickers r,
- /etc/ntpd.conf r,
- /etc/ntpd.conf.tmp r,
- /tmp/ntp* rwl,
- /{usr/,usr/local/,}{s,}bin/ r,
- /usr/{bin,sbin}/{,open}ntpd rmix,
- /var/db/ r,
- /var/db/ntpd.drift rwl,
- /var/lib/ntp/drift rwl,
- /var/lib/ntp/drift.TEMP rwl,
- /var/lib/ntp/drift/driftfile rw,
- /var/lib/ntp/drift/driftfile.TEMP rw,
- /var/lib/ntp/drift/ntp.drift rw,
- /var/lib/ntp/drift/ntp.drift.TEMP rw,
- /var/lib/ntp/etc/* r,
- /var/lib/ntp/ntp.drift rw,
- /var/lib/ntp/ntp.drift.TEMP rw,
- /var/lib/ntp@{run}/ntp/ntpd.pid w,
- /var/log/ntp w,
- /var/log/ntp.log w,
- /var/log/ntpstats/clockstats* lrw,
- /var/log/ntpstats/loopstats* lrw,
- /var/log/ntpstats/peerstats* lrw,
- /var/opt/novell/xad/rpc/xadsd rw,
- @{run}/nscd/services r,
- @{run}/ntpd.pid w,
- @{run}/ntp/ntpd.pid w,
- @{run}/ntpd.sock rwl,
- /var/tmp/ntp* rwl,
- @{PROC}/@{pid}/net/if_inet6 r,
- # allow access for when chrooted
- /var/lib/ntp/@{PROC}/@{pid}/net/if_inet6 r,
- /var/lib/ntp/@{PROC}/sys/kernel/ngroups_max r,
- @{NTPD_DEVICE} rw,
- # Site-specific additions and overrides. See local/README for details.
- include if exists <local/usr.sbin.ntpd>
- }