Bug 217550 - ntpd generates avc denials
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2006-11-28 11:11 EST by Steve Friedman
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-11-28 11:57:35 EST
Description Steve Friedman 2006-11-28 11:11:06 EST
Description of problem:
Latest versions of ntpd and selinux-policy generate avc denials in the log.
(selinux configured for permissive mode).

Version-Release number of selected component (if applicable):
ntp-4.2.2p1-3
selinux-policy-2.4.3-10.fc6

How reproducible:
Every time.

Steps to Reproduce:
1.  Install FC6.
2.  Update to latest released version (not test).
3.  Inspect /var/log/messages
  
Actual results:
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:543): avc:  denied  { write } for  pid=3379 comm="ntpd" name="ntp" dev=dm-0 ino=5374373 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:544): avc:  denied  { add_name } for  pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:545): avc:  denied  { create } for  pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:546): avc:  denied  { write } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:547): avc:  denied  { remove_name } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:548): avc:  denied  { rename } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:549): avc:  denied  { unlink } for  pid=3379 comm="ntpd" name="drift" dev=dm-0 ino=5375847 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file



Expected results:
Nothing in log file.

Additional info:
Comment 1 Daniel Walsh 2006-11-28 11:57:35 EST
Drift files should be written to /var/lib/ntp, not the /etc directory.
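
Added example (not part of the original report or comments, and not code from the selinux-policy project): a small triage script that groups the seven AVC records above by source type, target type and object class, showing that every denial is ntpd_t modifying etc_t objects, which is the pattern the resolution attributes to the drift file location. The function names and the etc_t heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# AVC records copied from the report above, one record per line.
SAMPLE = """\
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:543): avc:  denied  { write } for  pid=3379 comm="ntpd" name="ntp" dev=dm-0 ino=5374373 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:544): avc:  denied  { add_name } for  pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:545): avc:  denied  { create } for  pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:546): avc:  denied  { write } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:547): avc:  denied  { remove_name } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:548): avc:  denied  { rename } for  pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:549): avc:  denied  { unlink } for  pid=3379 comm="ntpd" name="drift" dev=dm-0 ino=5375847 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
# Permissions that modify a file or directory (assumed list, covers this report).
WRITE_PERMS = {"write", "add_name", "remove_name", "create", "rename", "unlink", "append", "setattr"}

def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Naive whitespace split: enough here, but breaks on quoted values containing spaces.
    rec = {k: v.strip('"') for k, v in (kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)}
    rec["perms"] = m.group("perms").split()
    return rec

def summarize(text):
    """Group denials by (source type, target type, class) -> permissions and object names."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["names"].add(rec.get("name", "?"))
    return dict(groups)

def writes_to_generic_etc(groups):
    """Keys where a domain modifies etc_t objects: check the file's location before touching policy."""
    return sorted(k for k, v in groups.items() if k[1] == "etc_t" and v["perms"] & WRITE_PERMS)

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, sorted(info["perms"]), sorted(info["names"]))
    print("review file location for:", writes_to_generic_etc(summarize(SAMPLE)))
```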
