Bug 162591 - avc denied search for ntpd
Summary: avc denied search for ntpd
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i586
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-07-06 17:01 UTC by Kasper Dupont
Modified: 2007-11-30 22:11 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-07-11 17:29:42 UTC
Type: ---
Description Kasper Dupont 2005-07-06 17:01:26 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114

Description of problem:
After upgrading from 1.17.30-3.9 to 1.17.30-3.13 the
system started producing error messages, and the clock
is no longer being synchronized with the ntp server.

Jul  6 17:57:00 skjelle kernel: audit(1120665420.971:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
Jul  6 17:57:01 skjelle kernel: audit(1120665421.063:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
Jul  6 17:57:01 skjelle kernel: audit(1120665421.064:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
Jul  6 17:57:01 skjelle kernel: audit(1120665421.065:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
Jul  6 17:57:01 skjelle kernel: audit(1120665421.066:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
Jul  6 17:57:01 skjelle kernel: audit(1120665421.067:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.16

How reproducible:
Always

Steps to Reproduce:
1. Boot


Additional info:

I found two bug reports which may be related to this,
but it doesn't look like exactly the same problem.
Bug #141345 and bug #155855.

Comment 1 Daniel Walsh 2005-07-11 17:29:42 UTC
You have a labeling problem.  Looks like you need to relabel:

touch /.autorelabel
reboot

Comment 2 Kasper Dupont 2005-07-15 08:23:44 UTC
Relabeling seems to have removed the symptoms. But why does upgrading
selinux-policy-targeted cause labeling problems?

Comment 3 Daniel Walsh 2005-07-15 17:46:59 UTC
It should not.  Did you boot with SELinux=0?  Or did you add a new disk?

file_t indicates a file without a file context.  I.e., that is what the kernel puts
in when a file was created outside of SELinux on a labeled file system.

Dan
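
One way to triage logs like the ones in the description, as an added example that is not part of the original bug thread or of any SELinux tooling: it parses AVC denial lines and counts those whose target type is file_t, the missing-label case Comment 3 describes. The third sample line is constructed, and treating unlabeled_t the same way is an assumption beyond what the thread states.

```python
import re
from collections import Counter

# Types the kernel reports for objects that carry no valid SELinux label.
# file_t is the one discussed in this bug; unlabeled_t (assumption, not from
# the thread) covers objects whose stored context is invalid under the policy.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict of the fields of one AVC denial line, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec

def context_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def labeling_denials(lines):
    """Count denials against unlabeled targets, keyed by (source type, dev, tclass)."""
    hits = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or "tcontext" not in rec:
            continue
        if context_type(rec["tcontext"]) in UNLABELED_TYPES:
            hits[(context_type(rec["scontext"]), rec.get("dev"), rec.get("tclass"))] += 1
    return hits

# Sample input: the first two lines are from the report above; the third is
# constructed to show a denial that is NOT a labeling problem.
SAMPLE = [
    "Jul  6 17:57:00 skjelle kernel: audit(1120665420.971:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir",
    "Jul  6 17:57:01 skjelle kernel: audit(1120665421.063:0): avc:  denied  { search } for  pid=2800 exe=/usr/sbin/ntpd name=/ dev=md5 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir",
    "Jul  6 17:58:00 skjelle kernel: audit(1120665480.000:0): avc:  denied  { read } for  pid=2900 exe=/usr/sbin/ntpd name=example dev=md5 ino=99 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:shadow_t tclass=file",
]

if __name__ == "__main__":
    for (src, dev, tclass), n in labeling_denials(SAMPLE).items():
        print(f"{n} denial(s): {src} -> unlabeled {tclass} on dev {dev}: relabel, do not add policy")
```

Denials it reports point at a filesystem that needs relabeling; denials it skips have a labeled target and are a policy question instead.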

Comment 4 Kasper Dupont 2005-07-15 19:28:23 UTC
/home had developed a few bad sectors, so the entire installation was copied to
a software raid-1 on two new disks. After removing the old disk, the system
worked without any problems for a few days until selinux-policy-targeted was
updated.