Bug 144610 - ntpdate -d doesn't show output
ntpdate -d doesn't show output
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-09 13:23 EST by Markku Kolkka
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-24 15:54:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Markku Kolkka 2005-01-09 13:23:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
The command "ntpdate -d" is supposed to show debugging output about all the steps of communication with the time server, but it doesn't display anything at all.

Version-Release number of selected component (if applicable):
ntp-4.2.0.a.20040617-4

How reproducible:
Always

Steps to Reproduce:
1. ntpdate -d pool.ntp.org
2.
3.
  

Actual Results:  nothing happens, the program runs for a few seconds and exits without any output or log messages

Expected Results:  ntpdate should display info like this (run on another machine under Gentoo Linux):
ntpdate -d pool.ntp.org
 9 Jan 20:14:25 ntpdate[19491]: ntpdate 4.2.0@1.1161-r Fri Jul  2 14:59:00 EEST2004 (1)
Looking for host pool.ntp.org and service ntp
host found : aqua.subnet.at
transmit(193.170.141.4)
receive(193.170.141.4)
transmit(193.170.141.4)
receive(193.170.141.4)
transmit(193.170.141.4)
receive(193.170.141.4)
transmit(193.170.141.4)
receive(193.170.141.4)
transmit(193.170.141.4)
server 193.170.141.4, port 123
stratum 3, precision -17, leap 00, trust 000
refid [193.170.141.4], delay 0.12941, dispersion 0.00206
transmitted 4, in filter 4
reference time:    c58bee46.f76e71cd  Sun, Jan  9 2005 19:54:14.966
originate timestamp: c58bf30e.21897a67  Sun, Jan  9 2005 20:14:38.131
transmit timestamp:  c58bf30e.12fb6dca  Sun, Jan  9 2005 20:14:38.074
filter delay:  0.13007  0.12941  0.14760  0.13660
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.004927 0.005075 0.013603 0.001336
         0.000000 0.000000 0.000000 0.000000
delay 0.12941, dispersion 0.00206
offset 0.005075

 9 Jan 20:14:38 ntpdate[19491]: adjust time server 193.170.141.4 offset 0.005075 sec


Additional info:
Comment 1 Harald Hoyer 2005-01-10 06:03:26 EST
try:

# ntpdate -d | cat

ntpdate is not allowed to print to the terminal due to selinux policies.
Comment 2 Daniel Walsh 2005-01-10 13:42:27 EST
ntpdate should not be locked down.  

Which policy are you running.

rpm -q  selinux-policy-targeted

Also what is the context of /usr/sbin/ntpdate?

ls -lZ /usr/sbin/ntpdate

you can try 
restorecon /usr/sbin/ntpdate 
and then try the command again.
Comment 3 Markku Kolkka 2005-01-10 17:45:08 EST
# rpm -q selinux-policy-targeted
selinux-policy-targeted-1.17.30-2.68
# ls -lZ /usr/sbin/ntpdate
-rwxr-xr-x  root     root     system_u:object_r:ntpd_exec_t   
/usr/sbin/ntpdate

# restorecon /usr/sbin/ntpdate
# ntpdate -d pool.ntp.org
#

(no change after restorecon)
Comment 4 Daniel Walsh 2005-01-10 17:58:45 EST
Did restorecon change the context of ntpdate?

ls -lZ /usr/sbin/ntpdate

It should be ntpdate_exec_t?

Comment 5 Markku Kolkka 2005-01-10 18:11:05 EST
Yes, the context was changed:
$ ls -lZ /usr/sbin/ntpdate
-rwxr-xr-x  root     root     system_u:object_r:ntpdate_exec_t
/usr/sbin/ntpdate
Comment 6 Daniel Walsh 2005-01-11 09:34:02 EST
And it doesn't display anything at to the terminal?

Are you seeing any AVC messages in the log file?

Dan
Comment 7 Markku Kolkka 2005-01-11 10:09:27 EST
As I said in the initial report, nothing is displayed on the terminal
and there are no AVC messages in the log.
Comment 8 Daniel Walsh 2005-01-21 15:50:31 EST
Ok, I have no idea.  This is working fine on my test machines

> ls -lZ /usr/sbin/ntpdate
-rwxr-xr-x  root     root     system_u:object_r:ntpdate_exec_t /usr/sbin/ntpdate
> ntpdate -d pool.ntp.org
21 Jan 15:48:42 ntpdate[12208]: ntpdate 4.2.0a@1.1190-r Wed Jan 12 10:30:43 EST
2005 (1)
Looking for host pool.ntp.org and service ntp
host found : dsl027-160-099.atl1.dsl.speakeasy.net
transmit(216.27.160.99)
transmit(216.27.160.99)
transmit(216.27.160.99)
transmit(216.27.160.99)
transmit(216.27.160.99)
216.27.160.99: Server dropped: no data
server 216.27.160.99, port 123
stratum 0, precision 0, leap 00, trust 000
refid [216.27.160.99], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time:    00000000.00000000  Thu, Feb  7 2036  1:28:16.000
originate timestamp: 00000000.00000000  Thu, Feb  7 2036  1:28:16.000
transmit timestamp:  c59be92e.443504c4  Fri, Jan 21 2005 15:48:46.266
filter delay:  0.00000  0.00000  0.00000  0.00000
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
         0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000

21 Jan 15:48:47 ntpdate[12208]: no server suitable for synchronization found
> getenforce
Enforcing
Comment 9 Martin Ebourne 2005-01-28 17:32:00 EST
!WORKSFORME. Maybe you could reopen this.

# getenforce
Enforcing
# ntpdate pool.ntp.org
# echo 0 > /selinux/enforce 
# ntpdate pool.ntp.org
28 Jan 22:24:33 ntpdate[5645]: step time server 62.220.226.1 offset
-0.982552 sec
# tail /var/log/messages | grep avc
Jan 28 22:24:31 amilo kernel: audit(1106951071.978:0): avc:  granted 
{ setenforce } for  pid=5598 exe=/bin/bash
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jan 28 22:24:32 amilo dbus: avc:  received setenforce notice
(enforcing=0) 
Jan 28 22:24:33 amilo kernel: audit(1106951073.759:0): avc:  denied  {
getattr } for  pid=5645 exe=/usr/sbin/ntpdate path=/dev/pts/3
dev=devpts ino=5 scontext=root:system_r:ntpd_t
tcontext=root:object_r:devpts_t tclass=chr_file
# ls -Z /usr/sbin/ntpdate
-rwxr-xr-x  root     root     system_u:object_r:ntpdate_exec_t
/usr/sbin/ntpdate
# ls -Z /dev/pts/3
crw--w----  martin   tty      root:object_r:devpts_t           /dev/pts/3
# rpm -q selinux-policy-targeted
selinux-policy-targeted-1.17.30-2.73

This is happening on both the machines I'm running selinux on. Both
fully updated FC3. The one above was a fresh install a few days ago. I
did an autorelabel boot earlier, didn't help.

Note You need to log in before you can comment on or make changes to this bug.