Hide Forgot
Description of problem: When running the distribution install task for Fedora 25, I get AVC denied { sendto } errors for chronyd Version-Release number of selected component (if applicable): selinux-policy-3.13.1-220.fc25.noarch Fedora-25-20161026.n.0 Server x86_64 How reproducible: Always Steps to Reproduce: 1. Use Beaker to install Fedora 25 on a host 2. 3. Actual results: ---- time->Sat Oct 29 04:09:51 2016 type=AVC msg=audit(1477728591.816:82): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0 ---- time->Sat Oct 29 04:09:52 2016 type=AVC msg=audit(1477728592.797:105): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0 ---- time->Sat Oct 29 04:09:54 2016 type=AVC msg=audit(1477728594.799:107): avc: denied { sendto } for pid=763 comm="chronyd" path="/run/chrony/chronyc.793.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket permissive=0 Expected results: No AVC Errors Additional info:
Hi, Could you attach output of: # ps -efZ | grep unconfined_service_t On my system, labels looks fine: [root@fraw chrony]# pwd /run/chrony [root@fraw chrony]# ls -Z unconfined_u:object_r:chronyd_var_run_t:s0 chronyc.5683.sock system_u:object_r:chronyd_var_run_t:s0 chronyd.sock
This issue is already fixed in chrony package: https://bugzilla.redhat.com/show_bug.cgi?id=1350815 *** This bug has been marked as a duplicate of bug 1350815 ***