Bug 974305
Summary: | SELinux is preventing /usr/sbin/chronyd from using the 'getsession' accesses on a process. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
Component: | chrony | Assignee: | Miroslav Lichvar <mlichvar> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dominick.grift, dwalsh, mgrepl, mlichvar |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:a2bc6ad856be05c140071ee3ffe42da3904600dc5fbe2028476285ba094e6ab5 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-19 15:01:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Adam Williamson
2013-06-13 22:41:00 UTC
Does chrony have anything to do with audit? Chrony doesn't have anything to do with audit. On start, when /var/run/chronyd.pid exists, chronyd tries getsid(pid) to see if there is another chronyd running. How could this happen on boot, when /var/run is empty, I'm not sure. It seems recent systemd versions remove pid file specified in the service file when the service is stopped. chronyd is normally unable to remove its pid file when stopping due to dropped root permissions, but we can now let systemd to do it and prevent the problem with another process reusing the same pid and chronyd trying to run getsid() on it. This is in chrony-1.29-3.fc21. |