AVCs with ntpd
Felipe Alfaro Solana
felipe_alfaro at linuxmail.org
Mon Sep 20 12:18:17 UTC 2004
OK, so I'm trying SElinux after having it disabled for some time.
That's what I did:
1. Installed selinux-policy-targeted-1.17.16-2
2. Recompiled the kernel with SElinux support
3. Booted into single user mode
4. Ran "fixfiles relabel"
5. Rebooted with "selinux=1"
Now, I'm seeing a lot of these:
audit(1095681913.039:0(: avc: denied { search } for pid=2515
exe=/usr/sbin/ntpd dev=tmpfs ino=357 scontext=user_u:system_r:ntpd_t
tcontext=user_u:object_r"tmpfs_t tclass=dir
The problem here is that I'm using UDEV and that the initial ramdisk
mounts a tmpfs on top of "/dev", thus, covering the labeled "/dev" that
resides on disk.
How should I fix this?
More information about the fedora-selinux-list
mailing list