| Summary: | ntpd produces an AVC when started from firstboot GUI | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Milos Malik <mmalik> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.8 | CC: | dwalsh |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-2.4.6-322.el5 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-02-21 05:48:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 772956 | ||
This is a leaked file descriptor from something in firstboot that starts the ntp daemon. Can safely be ignored. I think we have a dontaudit for this in RHEL6

Yes, we dontaudit it in RHEL6.

Fixed in selinux-policy-2.4.6-321.el5

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0158.html
Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-devel-2.4.6-320.el5
selinux-policy-targeted-2.4.6-320.el5
selinux-policy-2.4.6-320.el5

How reproducible:
always

Steps to Reproduce:
1. get a RHEL-5.8 machine
2. chkconfig firstboot on
3. replace "RUN_FIRSTBOOT=NO" by "RUN_FIRSTBOOT=YES" in /etc/sysconfig/firstboot file
4. reboot the machine
5. click through the firstboot GUI to the "Date and Time" configuration screen
6. enable "Network Time Protocol"
7. click "Forward"
8. click through the rest of configuration screens

Actual results:

----

time->Fri Dec 2 15:12:23 2011

type=SYSCALL msg=audit(1322835143.553:8): arch=40000003 syscall=11 success=yes exit=0 a0=881abd0 a1=8819fa0 a2=881aeb8 a3=0 items=0 ppid=2432 pid=2433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)

type=AVC msg=audit(1322835143.553:8): avc: denied { read write } for pid=2433 comm="ntpd" path="socket:[8690]" dev=sockfs ino=8690 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket

----

Expected results:
* no AVCs
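A triage sketch for the pattern discussed in this report, added here as an example and not part of the bug report or of selinux-policy: it parses AVC records and flags denials that look like an inherited (leaked) descriptor, meaning read/write on an anonymous socket or pipe labelled with another domain's process context. All function names are hypothetical, the heuristic is an assumption, and the rule it prints is a candidate derived from the record, not the rule shipped in the erratum.

```python
import re

# AVC record copied from this report's "Actual results".
REPORT_AVC = ('type=AVC msg=audit(1322835143.553:8): avc: denied { read write } '
              'for pid=2433 comm="ntpd" path="socket:[8690]" dev=sockfs ino=8690 '
              'scontext=system_u:system_r:ntpd_t:s0 '
              'tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket')
# Constructed contrast record: an ordinary file denial, not an inherited descriptor.
CONSTRUCTED_FILE_AVC = ('type=AVC msg=audit(1322835150.001:9): avc: denied { read } '
                        'for pid=2433 comm="ntpd" name="example.conf" dev=dm-0 ino=1234 '
                        'scontext=system_u:system_r:ntpd_t:s0 '
                        'tcontext=system_u:object_r:etc_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    return rec

def looks_like_leaked_fd(rec):
    """Heuristic (assumption): read/write denied on an anonymous socket or pipe
    whose label is a different domain's process context, not an object_r label."""
    s_type = rec['scontext'].split(':')[2]
    t_role, t_type = rec['tcontext'].split(':')[1:3]
    anonymous = rec.get('path', '').startswith(('socket:[', 'pipe:['))
    return (anonymous and t_role != 'object_r' and s_type != t_type
            and set(rec['perms']) <= {'read', 'write'})

def candidate_dontaudit(rec):
    """Build a dontaudit rule for review from the denied access vector."""
    s_type = rec['scontext'].split(':')[2]
    t_type = rec['tcontext'].split(':')[2]
    return 'dontaudit %s %s:%s { %s };' % (
        s_type, t_type, rec['tclass'], ' '.join(rec['perms']))

def triage(lines):
    """Return candidate dontaudit rules for records matching the heuristic."""
    recs = (parse_avc(line) for line in lines)
    return [candidate_dontaudit(r) for r in recs if r and looks_like_leaked_fd(r)]

if __name__ == '__main__':
    for rule in triage([REPORT_AVC, CONSTRUCTED_FILE_AVC]):
        print(rule)
```

A match only says the descriptor was inherited; whether silencing it is appropriate still depends on confirming that the child never uses the socket.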