# allow shm refclock access
allow ntpd_t self:shm { associate create read unix_read unix_write write };
allow ntpd_t tmpfs_t:file { read write };