| Summary: | SELinux AVC Errors for chronyd with F25 Install | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John Bieren <jbieren> |
| Component: | chrony | Assignee: | Miroslav Lichvar <mlichvar> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 25 | CC: | bpeck, dominick.grift, dwalsh, lvrabec, mgrepl, mlichvar, plautrba, pmoore |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Last Closed: | 2016-11-01 14:37:05 UTC | Type: | Bug |
Hi,
Could you attach output of:
# ps -efZ | grep unconfined_service_t
On my system, labels look fine:
[root@fraw chrony]# pwd
/run/chrony
[root@fraw chrony]# ls -Z
unconfined_u:object_r:chronyd_var_run_t:s0 chronyc.5683.sock
system_u:object_r:chronyd_var_run_t:s0 chronyd.sock
This issue is already fixed in chrony package: https://bugzilla.redhat.com/show_bug.cgi?id=1350815

*** This bug has been marked as a duplicate of bug 1350815 ***
Description of problem:
When running the distribution install task for Fedora 25, I get AVC denied { sendto } errors for chronyd

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-220.fc25.noarch
Fedora-25-20161026.n.0 Server x86_64

How reproducible:
Always

Steps to Reproduce:
1. Use Beaker to install Fedora 25 on a host
2.
3.

Actual results:
----
time->Sat Oct 29 04:09:51 2016
type=AVC msg=audit(1477728591.816:82): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Sat Oct 29 04:09:52 2016
type=AVC msg=audit(1477728592.797:105): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Sat Oct 29 04:09:54 2016
type=AVC msg=audit(1477728594.799:107): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0

Expected results:
No AVC Errors

Additional info:
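
The AVC records in this report, parsed and de-duplicated by source type, target type, class and permission. This is an added example, not part of the original report or of any Fedora tooling; the function names `parse_avc` and `summarize_denials` are made up for illustration, and the sample lines are the three records quoted above.

```python
import re
from collections import Counter

# The three type=AVC records copied from the report's "Actual results".
SAMPLE = """\
type=AVC msg=audit(1477728591.816:82): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
type=AVC msg=audit(1477728592.797:105): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
type=AVC msg=audit(1477728594.799:107): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one AVC record as a dict, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    # A context is user:role:type:level; policy rules are written on the type.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) > 2 else None
    return rec


def summarize_denials(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            for perm in rec["perms"]:
                key = (rec["scontext_type"], rec["tcontext_type"], rec.get("tclass"), perm)
                counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE).items():
        print(n, *key)
```

All three records collapse to a single tuple whose target type is `unconfined_service_t`, the domain the `ps -efZ` request in the reply is looking for.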