Bug 122998 - ntpdate avc denies
Summary: ntpdate avc denies
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy   
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-11 07:59 UTC by Leonard den Ottolander
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-20 12:36:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Leonard den Ottolander 2004-05-11 07:59:51 UTC
policy-1.11.3-3, permissive mode

I see the following avc denies when trying to run ntpdate <server> as
root.

Console login as root:
May 11 09:35:20 a3aan kernel: audit(1084260919.999:0): avc:  denied  {
getattr } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 11 09:35:20 a3aan kernel: audit(1084260920.001:0): avc:  denied  {
ioctl } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

SSH login as user, su - root:
May 11 09:40:19 a3aan kernel: audit(1084261219.786:0): avc:  denied  {
getattr } for  pid=1786 exe=/usr/sbin/ntpdate path=/dev/pts/1 dev=
ino=3 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_devpts_t tclass=chr_file

Comment 1 Daniel Walsh 2004-05-21 12:45:14 UTC
Please submit avc messages from enforcing mode.  Please do a
setenforce 1 and then execute the commands and show me what you get. 
Thanks.

Dan

Comment 2 Leonard den Ottolander 2004-05-22 00:09:51 UTC
Updated to FC2 release, no updates. Enforcing.

As root from console:
3 times avc:  denied  { read write } for pid=3977
exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082
scontext=root:system_r:ntpd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file

Via ssh as user sued root:
No errors


Comment 3 Daniel Walsh 2004-06-02 19:04:33 UTC
Fixed in 

selinux-policy-strict-1.13.2-7.src.rpm

Comment 4 Daniel Walsh 2004-07-20 12:36:03 UTC
Fixed in Rawhide


Note You need to log in before you can comment on or make changes to this bug.