Bug 122998 - ntpdate avc denies
Summary: ntpdate avc denies
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-11 07:59 UTC by Leonard den Ottolander
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-07-20 12:36:03 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Leonard den Ottolander 2004-05-11 07:59:51 UTC 
policy-1.11.3-3, permissive mode

I see the following avc denies when trying to run ntpdate <server> as
root.

Console login as root:
May 11 09:35:20 a3aan kernel: audit(1084260919.999:0): avc:  denied  {
getattr } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 11 09:35:20 a3aan kernel: audit(1084260920.001:0): avc:  denied  {
ioctl } for  pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2
ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

SSH login as user, su - root:
May 11 09:40:19 a3aan kernel: audit(1084261219.786:0): avc:  denied  {
getattr } for  pid=1786 exe=/usr/sbin/ntpdate path=/dev/pts/1 dev=
ino=3 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Comment 1 Daniel Walsh 2004-05-21 12:45:14 UTC 
Please submit avc messages from enforcing mode.  Please do a
setenforce 1 and then execute the commands and show me what you get. 
Thanks.

Dan
Comment 2 Leonard den Ottolander 2004-05-22 00:09:51 UTC 
Updated to FC2 release, no updates. Enforcing.

As root from console:
3 times avc:  denied  { read write } for pid=3977
exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082
scontext=root:system_r:ntpd_t
tcontext=system_u:object_r:tty_device_t tclass=chr_file

Via ssh as user sued root:
No errors
Comment 3 Daniel Walsh 2004-06-02 19:04:33 UTC 
Fixed in 

selinux-policy-strict-1.13.2-7.src.rpm
Comment 4 Daniel Walsh 2004-07-20 12:36:03 UTC 
Fixed in Rawhide
Note You need to log in before you can comment on or make changes to this bug.