Bug 164612 - avc: denied comm="hwclock"
Summary: avc: denied comm="hwclock"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-07-29 09:58 UTC by Ralf Corsepius
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 1.25.3-12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-08-19 08:31:24 UTC
Type: ---
Embargoed:



Description Ralf Corsepius 2005-07-29 09:58:11 UTC
Description of problem:

During system bootup hwclock seems to be denied access to the system:

# dmesg | grep hwclock
audit(1122625864.373:2): avc:  denied  { create } for  pid=1441 comm="hwclock"
scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t
tclass=netlink_audit_socket
audit(1122625863.999:3): avc:  denied  { write } for  pid=1441 comm="hwclock"
scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t
tclass=netlink_audit_socket
audit(1122625863.999:4): avc:  denied  { nlmsg_relay } for  pid=1441
comm="hwclock" scontext=system_u:system_r:hwclock_t
tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
audit(1122625863.999:5): avc:  denied  { read } for  pid=1441 comm="hwclock"
scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t
tclass=netlink_audit_socket


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-6

How reproducible:
Deterministic on one particular machine

Additional info:
This is the same machine exposing 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163977
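As an added example (not part of the bug report or of the selinux-policy-targeted package), the following script parses AVC denial lines like the ones above into the per-type grouping that audit2allow reports, so a maintainer can see at a glance which permissions a domain was denied on which object class. The sample lines are constructed from the denials quoted in this bug (the four hwclock lines and the fsck.reiserfs line from comment 2), rejoined onto single lines as dmesg prints them.

```python
import re
from collections import defaultdict
# Constructed sample: denials quoted in this bug, one per line as dmesg prints
# them, plus an unrelated kernel line that the parser must skip.
SAMPLE_DMESG = """\
audit(1122625864.373:2): avc:  denied  { create } for  pid=1441 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
audit(1122625863.999:3): avc:  denied  { write } for  pid=1441 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
audit(1122625863.999:4): avc:  denied  { nlmsg_relay } for  pid=1441 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
audit(1122625863.999:5): avc:  denied  { read } for  pid=1441 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
audit(1122622171.549:3): avc:  denied  { getattr } for  pid=1611 comm="fsck.reiserfs" name="radio0" dev=tmpfs ino=5624 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file
kernel: something unrelated
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')          # comm="hwclock" -> hwclock
    return rec

def type_of(context):
    """system_u:system_r:hwclock_t -> hwclock_t (drop the user and role parts)."""
    return context.split(":")[2]

def summarize(text):
    """Collect denied permissions per (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            grouped[key].update(rec["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

def as_rules(summary):
    """Render each group as the allow rule a policy maintainer would review."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        target = "self" if src == tgt else tgt   # same type on both sides -> self
        rules.append(f"allow {src} {target}:{cls} {{ {' '.join(perms)} }};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE_DMESG))))
```

The rules it prints are what a policy maintainer reviews before deciding whether the access is legitimate (as with hwclock's audit socket here) or whether the application should be fixed instead.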

Comment 1 Daniel Walsh 2005-07-29 10:07:50 UTC
Fixed in selinux-policy-targeted-1.25.3-9

Comment 2 Charles C. Van Tilburg 2005-07-29 13:21:13 UTC
also...
audit(1122622171.549:3): avc:  denied  { getattr } for  pid=1611
comm="fsck.reiserfs" name="radio0" dev=tmpfs ino=5624
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file



Comment 3 Charles C. Van Tilburg 2005-07-29 14:49:07 UTC
Jul 29 06:40:07 axp kernel: audit(1122633576.122:3): avc:  denied  { getattr }
for  pid=1517 comm="fsck.reiserfs" name="audio1" dev=tmpfs ino=5228
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:sound_device_t
tclass=chr_file

not all of these seem to make it into the messages file... I've seen at least
one with name="dsp"... ?!

there is some other complaining at system shutdown which is also not logged.

1.25.3-9 is not coming over the net yet... at least from kernel.org

Comment 4 Charles C. Van Tilburg 2005-07-29 14:51:46 UTC
FWIW, this is all I find which I believe happens during shutdown:

Jul 29 10:38:33 axp auditd[2025]: The audit daemon is exiting
Jul 29 10:38:33 axp kernel: audit: *NO* daemon at audit_pid=2025
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520): arch=40000003
syscall=102 success=no exit=-22 a0=b a1=bfb349e0 a2=80510f8 a3=bfb38cd8 items=0
pid=10937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520):
saddr=100000000000000000000000
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520): nargs=6 a0=3
a1=bfb36b3c a2=10 a3=0 a4=bfb38cd8 a5=c
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): SELinux: 
unrecognized netlink message type=1009 for sclass=49
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): arch=40000003
syscall=102 success=no exit=-22 a0=b a1=bfb349d0 a2=80510f8 a3=bfb38cc8 items=0
pid=10937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533):
saddr=100000000000000000000000
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): nargs=6 a0=3
a1=bfb36b2c a2=10 a3=0 a4=bfb38cc8 a5=c


Comment 5 Jonathan Claxton 2005-08-02 20:21:19 UTC
I have just noticed this bug and want to add more info...

I got the selinux policy update today and it still does not allow hwclock to work...

I did a few things to check why and here are the steps....

[root@jzc ~]# setenforce 0
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 01:04:10 PM MST  -0.069945 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show

NOTE: My clock is set to local time. 

Selinux is blocking hwclock's access to the hardware clock.

Also, at boot time, this message pops out...

audit(1122972407.947:2): avc:  denied  { create } for  pid=1281 comm="hwclock"
scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t
tclass=netlink_audit_socket



Comment 6 Jonathan Claxton 2005-08-02 20:28:36 UTC
Just to clarify the output, it should be like below.....

[root@jzc ~]# setenforce 0
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 01:04:10 PM MST  -0.069945 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show
[root@jzc ~]#

(forgot to add that last line)



Comment 7 Jonathan Claxton 2005-08-02 21:24:25 UTC
Just took another policy update and it still doesn't work...

[root@jzc ~]# setenforce 0
[root@jzc ~]# audit2allow -l -d -o $SELINUX_SRC/domains/misc/local.te
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 02:20:09 PM MST  -0.279594 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show
[root@jzc ~]#
----------------------------------------
[root@jzc ~]# rpm -qi  selinux-policy-targeted
Name        : selinux-policy-targeted      Relocations: /usr
Version     : 1.25.3                            Vendor: Red Hat, Inc.
Release     : 9                             Build Date: Thu 28 Jul 2005 08:58:47
AM MST
Install Date: Tue 02 Aug 2005 02:18:49 PM MST      Build Host:
porky.build.redhat.com

Comment 8 Daniel Walsh 2005-08-03 00:49:34 UTC
Fixed in selinux-policy-targeted-1.25.3-12

Comment 9 Jonathan Claxton 2005-08-11 19:39:36 UTC
Took another update of selinux-policy-targeted and now the hwclock command works. :)

[root@jzc ~]# hwclock --show
Thu 11 Aug 2005 12:37:02 PM MST  -0.677996 seconds
[root@jzc ~]# rpm -q  selinux-policy-targeted
selinux-policy-targeted-1.25.3-12
