SELinux is preventing ntpd (ntpd_t) "getcap" to <Unknown> (ntpd_t)

Antonio Olivares olivares14031 at yahoo.com
Thu Feb 21 18:06:38 UTC 2008



Summary:

SELinux is preventing ntpd (ntpd_t) "getcap" to <Unknown> (ntpd_t).

Detailed Description:

SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:ntpd_t
Target Context                unconfined_u:system_r:ntpd_t
Target Objects                None [ process ]
Source                        ntpdate
Source Path                   /usr/sbin/ntpdate
Port                          <Unknown>
Host                          localhost
Source RPM Packages           ntp-4.2.4p4-3.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.2.9-1.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost
Platform                      Linux localhost 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:55:35 EST 2008 i686 athlon
Alert Count                   2
First Seen                    Thu 21 Feb 2008 10:58:12 AM CST
Last Seen                     Thu 21 Feb 2008 10:58:20 AM CST
Local ID                      ad5db6a3-d94d-4ee7-87ca-e8ea7b0196ea
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC msg=audit(1203613100.285:81): avc:  denied  { getcap } for  pid=14697 comm="ntpd" scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:system_r:ntpd_t:s0 tclass=process

host=localhost type=SYSCALL msg=audit(1203613100.285:81): arch=40000003 syscall=184 success=no exit=-13 a0=b8e93444 a1=0 a2=2ad0f0 a3=b8e93440 items=0 ppid=1 pid=14697 auid=500 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=2 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)









More information about the fedora-selinux-list mailing list