Description of problem: Just boot'd up my Fedora 20 and the alarm got shown SELinux is preventing /usr/sbin/chronyd from 'read' accesses on the file . ***** Plugin catchall (100. confidence) suggests ************************** If si crede che chronyd dovrebbe avere possibilità di accesso read sui file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep chronyd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:chronyd_t:s0 Target Context unconfined_u:object_r:admin_home_t:s0 Target Objects [ file ] Source chronyd Source Path /usr/sbin/chronyd Port <Unknown> Host (removed) Source RPM Packages chrony-1.30-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-177.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.15.6-200.fc20.x86_64 #1 SMP Fri Jul 18 02:36:27 UTC 2014 x86_64 x86_64 Alert Count 29 First Seen 2014-07-24 04:59:20 CEST Last Seen 2014-07-25 14:54:32 CEST Local ID dea681d2-b9cd-4bfb-929f-e9ce06ce8a84 Raw Audit Messages type=AVC msg=audit(1406292872.591:133): avc: denied { read } for pid=1787 comm="chronyd" name="hosts" dev="sda6" ino=542982 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file type=SYSCALL msg=audit(1406292872.591:133): arch=x86_64 syscall=open success=no exit=EACCES a0=7fcfa2ef7f0e a1=80000 a2=1b6 a3=1 items=0 ppid=1 pid=1787 auid=4294967295 uid=990 gid=988 euid=990 suid=990 fsuid=990 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm=chronyd exe=/usr/sbin/chronyd subj=system_u:system_r:chronyd_t:s0 key=(null) Hash: chronyd,chronyd_t,admin_home_t,file,read Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.15.6-200.fc20.x86_64 type: libreport
You have mislabeled /etc/hosts file. If you execute # restorecon -v /etc/hosts it will fix the labeling.