From 2772b987320944a05a1eec4667706f82933f0379 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Oct 27 2016 12:27:02 +0000 Subject: avoid AVC denials in chrony-wait service (#1350815) --- diff --git a/chrony-wait-service.patch b/chrony-wait-service.patch new file mode 100644 index 0000000..844e88b --- /dev/null +++ b/chrony-wait-service.patch @@ -0,0 +1,12 @@ +diff -up chrony-2.4/examples/chrony-wait.service.chrony-wait chrony-2.4/examples/chrony-wait.service +--- chrony-2.4/examples/chrony-wait.service.chrony-wait 2016-06-07 11:20:59.000000000 +0200 ++++ chrony-2.4/examples/chrony-wait.service 2016-10-27 14:05:14.030882058 +0200 +@@ -9,7 +9,7 @@ Wants=time-sync.target + Type=oneshot + # Wait up to ~10 minutes for chronyd to synchronize and the remaining + # clock correction to be less than 0.1 seconds +-ExecStart=/usr/bin/chronyc waitsync 600 0.1 0.0 1 ++ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 600 0.1 0.0 1 + RemainAfterExit=yes + StandardOutput=null + diff --git a/chrony.spec b/chrony.spec index 61dcdf1..7f355bd 100644 --- a/chrony.spec +++ b/chrony.spec @@ -21,6 +21,8 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c # add NTP servers from DHCP when starting service Patch1: chrony-service-helper.patch +# avoid AVC denials in chrony-wait service (#1350815) +Patch2: chrony-wait-service.patch BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 @@ -58,12 +60,13 @@ clocks, system real-time clock or manual input as time references. %setup -q -n %{name}-%{version}%{?prerelease} -a 10 %{?gitpatch:%patch0 -p1} %patch1 -p1 -b .service-helper +%patch2 -p1 -b .wait-service %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') - 285022e437ff3be7b79607929f492aac examples/chrony-wait.service + befa1539d00fd6f2ac52a08f098c9b77 examples/chrony-wait.service 5d29f7cefeffe28aafdf017fa8fb51dc examples/chrony.conf.example2 ba6bb05c50e03f6b5ab54a2b7914800d examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate