Description of problem:
Some process triggers a time adjustment several times an hour:

# ausearch -m TIME_ADJNTPVAL -i
----
type=PROCTITLE msg=audit(04/08/2020 11:53:30.637:596) : proctitle=/usr/lib/systemd/systemd-timesyncd
type=SYSCALL msg=audit(04/08/2020 11:53:30.637:596) : arch=x86_64 syscall=clock_adjtime success=yes exit=0 a0=0x0 a1=0x7ffe4e785660 a2=0x7 a3=0x0 items=0 ppid=1 pid=728 auid=unset uid=systemd-timesync gid=systemd-timesync euid=systemd-timesync suid=systemd-timesync fsuid=systemd-timesync egid=systemd-timesync sgid=systemd-timesync fsgid=systemd-timesync tty=(none) ses=unset comm=systemd-timesyn exe=/usr/lib/systemd/systemd-timesyncd subj=system_u:system_r:systemd_timedated_t:s0 key=(null)
type=TIME_ADJNTPVAL msg=audit(04/08/2020 11:53:30.637:596) : op=status old=0 new=8193
type=TIME_ADJNTPVAL msg=audit(04/08/2020 11:53:30.637:596) : op=offset old=-292074373880 new=-12781564974858
----

Version-Release number of selected component (if applicable):
selinux-policy-3.14.5-32.fc32.noarch
selinux-policy-devel-3.14.5-32.fc32.noarch
selinux-policy-doc-3.14.5-32.fc32.noarch
selinux-policy-minimum-3.14.5-32.fc32.noarch
selinux-policy-mls-3.14.5-32.fc32.noarch
selinux-policy-sandbox-3.14.5-32.fc32.noarch
selinux-policy-targeted-3.14.5-32.fc32.noarch
systemd-245.4-1.fc32.x86_64
systemd-bootchart-233-6.fc32.x86_64
systemd-container-245.4-1.fc32.x86_64
systemd-libs-245.4-1.fc32.x86_64
systemd-pam-245.4-1.fc32.x86_64
systemd-rpm-macros-245.4-1.fc32.noarch
systemd-udev-245.4-1.fc32.x86_64

How reproducible:
* not sure, but happened on both my Fedora 31 and Fedora 32 VMs

Actual results (enforcing mode):
----
type=PROCTITLE msg=audit(04/08/2020 11:53:30.637:597) : proctitle=/usr/lib/systemd/systemd-timesyncd
type=SYSCALL msg=audit(04/08/2020 11:53:30.637:597) : arch=x86_64 syscall=fstat success=no exit=EACCES(Permission denied) a0=0xf a1=0x7ffe4e785400 a2=0x7ffe4e785400 a3=0x7ffe4e785226 items=0 ppid=1 pid=728 auid=unset uid=systemd-timesync gid=systemd-timesync euid=systemd-timesync suid=systemd-timesync fsuid=systemd-timesync egid=systemd-timesync sgid=systemd-timesync fsgid=systemd-timesync tty=(none) ses=unset comm=systemd-timesyn exe=/usr/lib/systemd/systemd-timesyncd subj=system_u:system_r:systemd_timedated_t:s0 key=(null)
type=AVC msg=audit(04/08/2020 11:53:30.637:597) : avc: denied { getattr } for pid=728 comm=systemd-timesyn path=/run/systemd/timesync/synchronized dev="tmpfs" ino=43687 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(04/08/2020 11:53:30.637:598) : proctitle=/usr/lib/systemd/systemd-timesyncd
type=PATH msg=audit(04/08/2020 11:53:30.637:598) : item=0 name=/proc/self/fd/15 inode=43687 dev=00:18 mode=file,644 ouid=systemd-timesync ogid=systemd-timesync rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(04/08/2020 11:53:30.637:598) : cwd=/
type=SYSCALL msg=audit(04/08/2020 11:53:30.637:598) : arch=x86_64 syscall=utimensat success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x7ffe4e7854f0 a2=0x0 a3=0x0 items=1 ppid=1 pid=728 auid=unset uid=systemd-timesync gid=systemd-timesync euid=systemd-timesync suid=systemd-timesync fsuid=systemd-timesync egid=systemd-timesync sgid=systemd-timesync fsgid=systemd-timesync tty=(none) ses=unset comm=systemd-timesyn exe=/usr/lib/systemd/systemd-timesyncd subj=system_u:system_r:systemd_timedated_t:s0 key=(null)
type=AVC msg=audit(04/08/2020 11:53:30.637:598) : avc: denied { write } for pid=728 comm=systemd-timesyn name=synchronized dev="tmpfs" ino=43687 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
----

Expected results:
* no SELinux denials
I can reproduce. What info is needed?
There is a PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/707
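
A triage aid for the denials in this report, added here as an example and not part of the original thread or of the linked pull request: it parses the two AVC records quoted above and groups them by source type, target type and object class, rendering the missing access in the style of audit2allow. The function names are hypothetical, and the rendered rule only summarizes what was denied; it is not the change made in the PR.

```python
import re
from collections import defaultdict

# The two AVC records from the report above, one per line.
SAMPLE = (
    'type=AVC msg=audit(04/08/2020 11:53:30.637:597) : avc: denied { getattr } for pid=728 '
    'comm=systemd-timesyn path=/run/systemd/timesync/synchronized dev="tmpfs" ino=43687 '
    'scontext=system_u:system_r:systemd_timedated_t:s0 '
    'tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0\n'
    'type=AVC msg=audit(04/08/2020 11:53:30.637:598) : avc: denied { write } for pid=728 '
    'comm=systemd-timesyn name=synchronized dev="tmpfs" ino=43687 '
    'scontext=system_u:system_r:systemd_timedated_t:s0 '
    'tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    return {
        "perms": set(m.group(1).split()),
        # An SELinux context is user:role:type:level; the type is what policy rules name.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "object": fields.get("path") or fields.get("name", "?"),
        "enforced": fields.get("permissive") == "0",  # 0 = the access was really blocked
    }

def summarize(text):
    """Group denials by (source type, target type, class) and merge permissions."""
    out = defaultdict(lambda: {"perms": set(), "objects": set(), "enforced": False})
    for line in text.splitlines():
        d = parse_avc(line)
        if d:
            entry = out[(d["source"], d["target"], d["tclass"])]
            entry["perms"] |= d["perms"]
            entry["objects"].add(d["object"])
            entry["enforced"] |= d["enforced"]
    return dict(out)

def as_rule(key, perms):
    """Render the denied access in audit2allow style (a summary, not a recommended fix)."""
    source, target, tclass = key
    return f"allow {source} {target}:{tclass} {{ {' '.join(sorted(perms))} }};"

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(as_rule(key, info["perms"]), "#", sorted(info["objects"]))
```

Both denials collapse to one type pair: systemd_timedated_t acting on a file labeled init_var_run_t under /run/systemd/timesync.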