Description of problem: Experienced chronyd denials when installing the latest rawhide. The actual AVC denial is in the avc.log:
    type=AVC msg=audit(1447735905.213:77): avc: denied { sendto } for pid=571 comm="chronyd" path="/run/chrony/chronyc.590.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
Hi, could you attach output of:
    ps -efZ | grep unconfined_service_t
Thank you.
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
On Fedora 24 I received this AVC message:
    time->Tue Jun 28 20:09:52 2016
    type=AVC msg=audit(1467158992.759:88): avc: denied { sendto } for pid=797 comm="chronyd" path="/run/chrony/chronyc.803.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
I see this message on a system with Fedora 23 as well.
    time->Mon Jul 11 20:13:29 2016
    type=AVC msg=audit(1468282409.735:108): avc: denied { sendto } for pid=823 comm="chronyd" path="/run/chrony/chronyc.844.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
I have run the command of comment #24 on a Fedora 24 system:
    # ps -efZ | grep unconfined_service_t
    system_u:system_r:unconfined_service_t:s0 root 1005 1 0 20:20 ? 00:00:00 /usr/libexec/udisks2/udisksd --no-debug
    unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 2313 2239 0 20:55 pts/0 00:00:00 grep --color=auto unconfined_service_t
I have the same messages:
    type=AVC msg=audit(1468952437.787:227): avc: denied { sendto } for pid=1018 comm="chronyd" path="/run/chrony/chronyc.1108.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0
It looks like an issue with service chrony-wait.service.
    [root@host ~]# systemctl stop chrony-wait.service
    [root@host ~]# systemctl restart chronyd.service
    [root@host ~]# ausearch -m avc -i
    <no matches>
    [root@host ~]# systemctl start chrony-wait.service
    [root@host ~]# systemctl restart chronyd.service
    [root@host ~]# ausearch -m avc -i
    ----
    type=AVC msg=audit(08/27/2016 10:29:00.155:189) : avc: denied { sendto } for pid=13418 comm=chronyd path=/run/chrony/chronyc.13455.sock scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=1
and it also looks like a duplicate of BZ1350815
Bump
*** This bug has been marked as a duplicate of bug 1350815 ***
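
Added example, not part of the original bug comments: a small Python parser that normalizes the raw audit.log form and the `ausearch -i` form of the AVC records quoted in this thread into one signature, so repeated reports of the same chronyd_t to unconfined_service_t sendto denial can be grouped. The function names and the SAMPLE list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: one raw record and one `ausearch -i` record, as quoted in the thread.
SAMPLE = [
    'type=AVC msg=audit(1447735905.213:77): avc: denied { sendto } for pid=571 comm="chronyd" path="/run/chrony/chronyc.590.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0',
    'type=AVC msg=audit(08/27/2016 10:29:00.155:189) : avc: denied { sendto } for pid=13418 comm=chronyd path=/run/chrony/chronyc.13455.sock scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=1',
]

# Header: timestamp (epoch or interpreted date), event serial, result, permission set.
HEADER = re.compile(
    r'msg=audit\((?P<stamp>[^)]*):(?P<serial>\d+)\)\s*:\s*avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}')
# key=value pairs; raw records quote strings, interpreted records do not.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC."""
    head = HEADER.search(line)
    if not head:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    rec["perms"] = tuple(head["perms"].split())
    rec["result"] = head["result"]
    rec["serial"] = int(head["serial"])
    # An SELinux context is user:role:type:level; the type field is the domain.
    rec["sdomain"] = rec["scontext"].split(":")[2]
    rec["tdomain"] = rec["tcontext"].split(":")[2]
    # permissive=0 means the denial was actually enforced.
    rec["enforced"] = rec.get("permissive") == "0"
    return rec

def signature(rec):
    """Fields that identify 'the same denial' regardless of pid, path or time."""
    return (rec["comm"], rec["sdomain"], rec["tdomain"], rec["tclass"], rec["perms"])

def group(lines):
    """Group AVC records by signature; non-AVC lines are skipped."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_avc, lines)):
        groups[signature(rec)].append(rec)
    return dict(groups)

if __name__ == "__main__":
    for sig, recs in group(SAMPLE).items():
        print(sig, "count:", len(recs), "enforced:", sum(r["enforced"] for r in recs))
```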