policy-1.11.3-3, permissive mode
I see the following avc denies when trying to run ntpdate <server> as root.
Console login as root:
May 11 09:35:20 a3aan kernel: audit(1084260919.999:0): avc: denied { getattr } for pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082 scontext=root:system_r:ntpd_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 11 09:35:20 a3aan kernel: audit(1084260920.001:0): avc: denied { ioctl } for pid=1674 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082 scontext=root:system_r:ntpd_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
SSH login as user, su - root:
May 11 09:40:19 a3aan kernel: audit(1084261219.786:0): avc: denied { getattr } for pid=1786 exe=/usr/sbin/ntpdate path=/dev/pts/1 dev= ino=3 scontext=root:system_r:ntpd_t tcontext=root:object_r:sysadm_devpts_t tclass=chr_file
Please submit avc messages from enforcing mode. Please do a setenforce 1 and then execute the commands and show me what you get. Thanks. Dan
Updated to FC2 release, no updates. Enforcing.
As root from console: 3 times
avc: denied { read write } for pid=3977 exe=/usr/sbin/ntpdate path=/dev/tty1 dev=hda2 ino=71082 scontext=root:system_r:ntpd_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Via ssh as user, su'ed to root: No errors
Fixed in selinux-policy-strict-1.13.2-7.src.rpm
Fixed in Rawhide