From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 Description of problem: After upgrading from 1.17.30-3.9 to 1.17.30-3.13 the system started producing error messages, and the clock is no longer being synchronized with the ntp server. Jul 6 17:57:00 skjelle kernel: audit(1120665420.971:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Jul 6 17:57:01 skjelle kernel: audit(1120665421.063:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Jul 6 17:57:01 skjelle kernel: audit(1120665421.064:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Jul 6 17:57:01 skjelle kernel: audit(1120665421.065:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Jul 6 17:57:01 skjelle kernel: audit(1120665421.066:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Jul 6 17:57:01 skjelle kernel: audit(1120665421.067:0): avc: denied { search } for pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-3.16 How reproducible: Always Steps to Reproduce: 1. Boot Additional info: I found two bug reports which may related to this, but it doesn't look like exactly the same problem. Bug #141345 and bug #155855.
You have a labeling problem. Looks like you need to relabel touch /.autorelabel reboot.
Relabeling seems to have removed the symptoms. But why does upgrading selinux-policy-targeted cause labeling problems?
It should not. Did you boot with SELinux=0? Or did you add a new disk? file_t indicates a file without a file context. IE That is what the kernel puts in when a file was created outside of SELinux on a labeled file system. Dan
/home had developed a few bad sectors, so the entire installation was copied to a software raid-1 on two new disks. After removing the old disk, the system worked without any problems for a few days until selinux-policy-targeted was updated.