F7 : ntpd and selinux

Daniel J Walsh dwalsh at redhat.com
Tue Jun 5 13:23:28 UTC 2007


Skunk Worx wrote:
> Daniel J Walsh wrote:
>> Skunk Worx wrote:
>>> I can see similar comments in bugzilla, so I think this is already 
>>> being worked.
>>> ---
>>> John
>>>
>>> > avc: denied { sys_time } for comm="ntpdate" egid=38 euid=38
>>> > avc: denied { kill } for comm="ntpd" egid=0 euid=0 exe="/bin/bash" exit=0
>>> > avc: denied { sys_nice } for comm="ntpdate" egid=0 euid=0
>>> > avc: denied { setgid } for comm="ntpdate" egid=0 euid=0 exe="/usr/sbin/ntpdate"
>>> > avc: denied { setcap } for comm="ntpdate" egid=38 euid=38
>>> > avc: denied { name_bind } for comm="ntpdate" egid=0 euid=0
>>> > avc: denied { setsched } for comm="ntpdate" egid=0 euid=0
>>> > avc: denied { read } for comm="ntpdate" dev=dm-0 egid=0 euid=0
>>> > avc: denied { signal } for comm="ntpd" egid=0 euid=0 exe="/bin/bash" exit=0
>>> > avc: denied { ioctl } for comm="ntpd" dev=dm-0 egid=0 euid=0 exe="/bin/bash"
>>> > avc: denied { read } for comm="ntpd" dev=dm-0 egid=0 euid=0 exe="/bin/bash"
>>> > avc: denied { getattr } for comm="ntpd" dev=dm-0 egid=0 euid=0 exe="/bin/bash"
>>> > avc: denied { setuid } for comm="ntpdate" egid=38 euid=38
>>>
>> Please attach the log file to show what is causing these messages. I 
>> can't generate rules from just this info.
>>
>
>
> SELinux is preventing /bin/rm (dhcpc_t) "unlink" to ntpd.pid (ntpd_var_run_t).
> SELinux is preventing /bin/rm (dhcpc_t) "unlink" to ntpd (var_lock_t).
> SELinux is preventing /bin/touch (dhcpc_t) "create" to ntpd (var_lock_t).
> SELinux is preventing /bin/touch (dhcpc_t) "write" to ntpd (var_lock_t).
> SELinux is preventing ntpd (dhcpc_t) "getattr" to /var/lock/subsys/ntpd (var_lock_t).
> SELinux is preventing ntpd (dhcpc_t) "getattr" to /var/run/ntpd.pid (ntpd_var_run_t).
> SELinux is preventing ntpd (dhcpc_t) "ioctl" to /var/run/ntpd.pid (ntpd_var_run_t).
> SELinux is preventing ntpd (dhcpc_t) "kill" to <Unknown> (dhcpc_t).
> SELinux is preventing ntpd (dhcpc_t) "read" to ntpd.pid (ntpd_var_run_t).
> SELinux is preventing ntpd (dhcpc_t) "signal" to <Unknown> (ntpd_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "name_bind" to <Unknown> (ntp_port_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "read" to /usr/sbin/ntpdate (ntpdate_exec_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "setcap" to <Unknown> (dhcpc_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "setgid" to <Unknown> (dhcpc_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "setsched" to <Unknown> (dhcpc_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "setuid" to <Unknown> (dhcpc_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "sys_nice" to <Unknown> (dhcpc_t).
> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "sys_time" to <Unknown> (dhcpc_t).
>
> If this is not useful could you provide a command line and sample 
> expected output?
>
> ---
> John
>
grep ntp /var/log/audit/audit.log
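Dan's one-liner above pulls the raw AVC records for ntp out of the audit log, which is the input audit2allow needs. As an added example (not part of this thread, and not Red Hat's or the policy's own tooling), the Python below parses constructed audit.log lines shaped like the denials John quoted, merges them into the (source domain, target type, object class) groups that audit2allow reduces denials to, renders the allow rules it would propose, and flags that the source domain is dhcpc_t rather than the domains ntpd and ntpdate are expected to run in. The sample records, the `ntp` comm filter and the expected-domain set are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records modelled on the denials quoted in the
# thread (ntpd and ntpdate running in the dhcpc_t domain). Not real log data;
# timestamps, pids and inode numbers are made up.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1181048598.123:45): avc:  denied  { name_bind } for  pid=2345 comm="ntpdate" src=123 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:ntp_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1181048598.124:46): avc:  denied  { sys_time } for  pid=2345 comm="ntpdate" capability=25 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181048598.125:47): avc:  denied  { setuid } for  pid=2345 comm="ntpdate" capability=7 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181048598.126:48): avc:  denied  { setgid } for  pid=2345 comm="ntpdate" capability=6 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181048599.001:49): avc:  denied  { read } for  pid=2350 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=12345 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=AVC msg=audit(1181048599.002:50): avc:  denied  { getattr } for  pid=2350 comm="ntpd" path="/var/run/ntpd.pid" dev=dm-0 ino=12345 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=AVC msg=audit(1181048599.003:51): avc:  denied  { signal } for  pid=2350 comm="ntpd" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:ntpd_t:s0 tclass=process
type=SYSCALL msg=audit(1181048599.003:51): arch=40000003 syscall=37 success=no exit=-13 comm="ntpd" exe="/bin/bash" subj=system_u:system_r:dhcpc_t:s0
"""

# "avc:  denied  { perm perm } for  key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the parts of one AVC denial record, or None for any other line
    (SYSCALL, CWD, PATH records and so on carry no 'avc: denied')."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', ''),
        # user:role:type:level -> the type is what policy rules are written against
        'sdomain': fields['scontext'].split(':')[2],
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
        'target': fields.get('path') or fields.get('name') or fields.get('capability'),
    }


def summarize(log_text, filter_comm=None):
    """Group denials by (source domain, target type, class) and merge their
    permissions; filter_comm mimics 'grep ntp' on the comm field."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or (filter_comm and filter_comm not in rec['comm']):
            continue
        groups[(rec['sdomain'], rec['ttype'], rec['tclass'])].update(rec['perms'])
    return {key: sorted(perms) for key, perms in groups.items()}


def render_rules(summary):
    """The allow rules audit2allow would propose for these groups."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]


def unexpected_domains(summary, expected_domains):
    """Source domains that are not the ones the program should run in. A
    denial logged from the wrong domain points at a missing domain
    transition or file label, not at a rule worth adding to policy."""
    return sorted({s for (s, _, _) in summary} - set(expected_domains))


if __name__ == '__main__':
    summary = summarize(SAMPLE_AUDIT_LOG, filter_comm='ntp')
    for rule in render_rules(summary):
        print(rule)
    # Assumed expected domains for ntpd and ntpdate under the reference policy.
    odd = unexpected_domains(summary, {'ntpd_t', 'ntpdate_t'})
    if odd:
        print('denials come from unexpected source domain(s):', ', '.join(odd))
```

Run as a script it prints four candidate allow rules, all with dhcpc_t as the source domain, and then the warning. That is the useful check here: every denial in John's list has ntpd or ntpdate running as dhcpc_t, so adding the proposed allow rules would widen the dhclient domain instead of getting the daemon into its own confined domain.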
