This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 122998 - ntpdate avc denies
ntpdate avc denies
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-05-11 03:59 EDT by Leonard den Ottolander
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-20 08:36:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Leonard den Ottolander 2004-05-11 03:59:51 EDT
policy-1.11.3-3, permissive mode

I see the following avc denies when trying to run ntpdate <server> as
root.

Console login as root:
May 11 09:35:20 a3aan kernel: audit(1084260919.999:0): avc:  denied  {
getattr } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 11 09:35:20 a3aan kernel: audit(1084260920.001:0): avc:  denied  {
ioctl } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

SSH login as user, su - root:
May 11 09:40:19 a3aan kernel: audit(1084261219.786:0): avc:  denied  {
getattr } for  pid=1786 exe=/usr/sbin/ntpdate path=/dev/pts/1 dev=
ino=3 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Comment 1 Daniel Walsh 2004-05-21 08:45:14 EDT
Please submit avc messages from enforcing mode.  Please do a
setenforce 1 and then execute the commands and show me what you get. 
Thanks.

Dan
Comment 2 Leonard den Ottolander 2004-05-21 20:09:51 EDT
Updated to FC2 release, no updates. Enforcing.

As root from console:
3 times avc:  denied  { read write } for pid=3977
exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082
scontext=root:system_r:ntpd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file

Via ssh as user sued root:
No errors
Comment 3 Daniel Walsh 2004-06-02 15:04:33 EDT
Fixed in 

selinux-policy-strict-1.13.2-7.src.rpm
Comment 4 Daniel Walsh 2004-07-20 08:36:03 EDT
Fixed in Rawhide

Note You need to log in before you can comment on or make changes to this bug.