Policy: /usr/local/sbin/ntpd, Emulation: native native-__sysctl: permit native-adjtime: permit native-bind: sockaddr eq "inet-[0.0.0.0]:123" then permit native-bind: sockaddr eq "inet-[127.0.0.1]:123" then permit native-bind: sockaddr eq "inet-[172.22.137.145]:123" then permit native-break: permit native-chdir: filename eq "/" then permit native-clock_gettime: permit native-clock_settime: permit native-close: permit native-connect: sockaddr eq "/dev/log" then permit native-connect: sockaddr eq "inet-[127.0.0.1]:123" then permit native-connect: sockaddr eq "inet-[131.215.254.2]:2000" then permit native-connect: sockaddr eq "inet-[140.142.16.34]:2000" then permit native-connect: sockaddr eq "inet-[172.22.137.2]:53" then permit native-dup2: permit native-exit: permit native-fcntl: permit native-fork: permit native-fsread: filename eq "/: /etc/malloc.conf" then permit native-fsread: filename eq "/dev/arandom" then permit native-fsread: filename eq "/etc/hosts" then permit native-fsread: filename eq "/etc/ntp.conf" then permit native-fsread: filename eq "/etc/ntp.drift" then permit native-fsread: filename eq "/etc/ntp.keys" then permit native-fsread: filename eq "/etc/resolv.conf" then permit native-fsread: filename eq "/usr/lib" then permit native-fsread: filename eq "/usr/lib/libc.so.28.7" then permit native-fsread: filename eq "/usr/lib/libcrypto.so.8.0" then permit native-fsread: filename eq "/usr/lib/libkvm.so.6.0" then permit native-fsread: filename eq "/usr/lib/libm.so.0.1" then permit native-fsread: filename eq "/usr/lib/libreadline.so.0.0" then permit native-fsread: filename eq "/usr/lib/libtermcap.so.8.0" then permit native-fsread: filename eq "/usr/libexec/ld.so" then permit native-fsread: filename eq "/usr/share/nls/C/libc.cat" then permit native-fsread: filename eq "/: /usr/share/nls/libc/C" then permit native-fsread: filename eq "/usr/share/zoneinfo/US/Pacific" then permit native-fsread: filename eq "/var/run/ld.so.hints" then permit native-fsread: filename eq "/var/tmp" then permit native-fsread: filename match "/var/tmp/ntp*" then permit native-fstat: permit native-fstatfs: permit native-fswrite: filename eq "/dev/null" then permit native-fswrite: filename match "/etc/ntp.drift*" then permit native-fswrite: filename eq "/var/run/ntpd.pid" then permit native-fswrite: filename match "/var/tmp/ntp*" then permit native-getdirentries: permit native-getpid: permit native-getppid: permit native-getsockname: permit native-gettimeofday: permit native-getuid: permit native-ioctl: permit native-issetugid: permit native-lseek: permit native-mlockall: permit native-mmap: permit native-mprotect: permit native-munmap: permit native-nanosleep: permit native-read: permit native-recvfrom: permit native-rename: filename[0] match "/etc/ntp.drift*" and filename[1] match "/etc/ntp.drift*" then permit native-select: permit native-sendto: true then permit native-setitimer: permit native-settimeofday: permit native-setsid: permit native-setsockopt: permit native-sigaction: permit native-sigprocmask: permit native-sigreturn: permit native-sigsuspend: permit native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_DGRAM" then permit native-socket: sockdom eq "AF_UNIX" and socktype eq "SOCK_DGRAM" then permit native-umask: permit native-wait4: permit native-write: permit