ntp: fix the drift file context and transition

Fix the ntp module by adding a new file context for the default
location of the drift file (frequency of the local clock oscillator)
and by adding the appropriate file transition interface call.

Otherwise, the drift file cannot be created and the following error
message is generated:

frequency file /etc/ntp.drift.TEMP: Permission denied

Signed-off-by: Guido Trentalancia <guido at trentalancia.com>

2 files changed, 2 insertions, 0 deletions

diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index 9c8c35c9a..38436f38a 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -3,6 +3,7 @@
 /etc/cron\.(daily|weekly)/ntp-server	--	gen_context(system_u:object_r:ntpd_exec_t,s0)
 
 /etc/ntp\.conf				--	gen_context(system_u:object_r:ntp_conf_t,s0)
+/etc/ntp\.drift				--	gen_context(system_u:object_r:ntp_drift_t,s0)
 /etc/ntpd.*\.conf.*			--	gen_context(system_u:object_r:ntp_conf_t,s0)
 /etc/ntp/crypto(/.*)?				gen_context(system_u:object_r:ntpd_key_t,s0)
 /etc/ntp/data(/.*)?				gen_context(system_u:object_r:ntp_drift_t,s0)
diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te
index cbd5fd187..30071e2db 100644
--- a/policy/modules/contrib/ntp.te
+++ b/policy/modules/contrib/ntp.te
@@ -66,6 +66,7 @@ allow ntpd_t ntp_conf_t:file read_file_perms;
 
 manage_dirs_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
 manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
+files_etc_filetrans(ntpd_t, ntp_drift_t, file)
 files_var_filetrans(ntpd_t, ntp_drift_t, file)
 
 read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)