SELinux is preventing ntpd (ntpd_t) "getcap" to <Unknown> (ntpd_t)
Antonio Olivares
olivares14031 at yahoo.com
Thu Feb 21 18:06:38 UTC 2008
Summary:
SELinux is preventing ntpd (ntpd_t) "getcap" to
<Unknown> (ntpd_t).
Detailed Description:
SELinux denied access requested by ntpd. It is not
expected that this access is
required by ntpd and this access may signal an
intrusion attempt. It is also
possible that the specific version or configuration of
the application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this
access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
Or you can disable
SELinux protection altogether. Disabling SELinux
protection is not recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context
unconfined_u:system_r:ntpd_t
Target Context
unconfined_u:system_r:ntpd_t
Target Objects None [ process ]
Source ntpdate
Source Path /usr/sbin/ntpdate
Port <Unknown>
Host localhost
Source RPM Packages ntp-4.2.4p4-3.fc9
Target RPM Packages
Policy RPM
selinux-policy-3.2.9-1.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost
Platform Linux localhost
2.6.25-0.40.rc1.git2.fc9 #1 SMP
Wed Feb 13 17:55:35 EST
2008 i686 athlon
Alert Count 2
First Seen Thu 21 Feb 2008 10:58:12
AM CST
Last Seen Thu 21 Feb 2008 10:58:20
AM CST
Local ID
ad5db6a3-d94d-4ee7-87ca-e8ea7b0196ea
Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1203613100.285:81):
avc: denied { getcap } for pid=14697 comm="ntpd"
scontext=unconfined_u:system_r:ntpd_t:s0
tcontext=unconfined_u:system_r:ntpd_t:s0
tclass=process
host=localhost type=SYSCALL
msg=audit(1203613100.285:81): arch=40000003
syscall=184 success=no exit=-13 a0=b8e93444 a1=0
a2=2ad0f0 a3=b8e93440 items=0 ppid=1 pid=14697
auid=500 uid=38 gid=38 euid=38 suid=38 fsuid=38
egid=38 sgid=38 fsgid=38 tty=(none) ses=2 comm="ntpd"
exe="/usr/sbin/ntpd"
subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-selinux-list
mailing list