Bug 457981 - Numerous SELinux avc alerts from ntpd. (/etc/drift)
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Daniel Walsh
Depends On:
Blocks:
Reported: 2008-08-05 17:44 EDT by Rich Johnson
Modified: 2008-08-07 08:23 EDT (History)
See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-07 08:23:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments
Series of avc alerts from targeted policy (7.56 KB, text/plain)
2008-08-05 17:49 EDT, Rich Johnson
Description Rich Johnson 2008-08-05 17:44:55 EDT
Description of problem:
Numerous SELinux alerts as ntpd attempts to manipulate /etc/drift

Version-Release number of selected component (if applicable):
  ntp-4.2.2p1-8.el5

How reproducible:
  IPL - policy->targeted, enforcement->permissive

Steps to Reproduce:
1.  Install
2.  wait for time to drift
3.
  
Actual results:
  See attached

Expected results:
  No alerts for standard ntpd

Additional info:
Comment 1 Rich Johnson 2008-08-05 17:49:45 EDT
Created attachment 313489 [details]
Series of avc alerts from targeted policy
Comment 2 Daniel Walsh 2008-08-06 13:55:57 EDT
SELinux allows the creation/writing of the drift file in /var/lib/ntp and /etc/ntp/data

Why is this being created in /etc/ntp?

Did you change the defaults?
Comment 3 Rich Johnson 2008-08-06 15:23:20 EDT
(In reply to comment #2)
> SELinux allows the creation/writing of the drift file in /var/lib/ntp and
> /etc/ntp/data
> 
> Why is this being created in /etc/ntp?
> 
> Did you change the defaults?

Not intentionally.  But, following your hint, I found the culprit.

The local kickstart's %post script was entirely too helpful by (re)creating /etc/ntp.conf to reference the in-house ntp server.  That was the root cause.  The clause in question has been carried forward for several releases.

Not A Bug.  Thanks!

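The root cause above is an ntp.conf whose driftfile directive points outside the directories the targeted policy labels for ntpd. The following POSIX shell check, added here as an illustration and not part of the bug report or of the selinux-policy package, reads the driftfile directive from ntp.conf text and reports whether it sits in one of the locations comment 2 names; the sample configs are constructed, and the "directly inside the directory" test is a simplification of the policy's file-context matching.

```shell
# Directories in which the RHEL 5 targeted policy lets ntpd create and write
# its drift file (from comment 2 above).
ALLOWED_DRIFT_DIRS="/var/lib/ntp /etc/ntp/data"

# Print the path given by the first "driftfile" directive in the ntp.conf
# text passed as $1 (empty output if the directive is missing).
ntp_driftfile() {
    printf '%s\n' "$1" | awk '$1 == "driftfile" { print $2; exit }'
}

# Print a one-word verdict for the ntp.conf text passed as $1:
#   ok      - driftfile sits directly in a policy-allowed directory
#   denied  - driftfile is elsewhere; ntpd's write will be denied
#             (expect an AVC like the /etc/drift ones in the attachment)
#   missing - no driftfile directive at all
check_driftfile() {
    path=$(ntp_driftfile "$1")
    if [ -z "$path" ]; then
        echo missing
        return 0
    fi
    dir=$(dirname "$path")
    for d in $ALLOWED_DRIFT_DIRS; do
        if [ "$dir" = "$d" ]; then
            echo ok
            return 0
        fi
    done
    echo denied
}

# Constructed sample configs: one modelled on what the kickstart %post in
# comment 3 produced, one using the stock RHEL driftfile location.
KICKSTART_CONF='server ntp.example.internal
driftfile /etc/drift'
DEFAULT_CONF='server 0.rhel.pool.ntp.org
driftfile /var/lib/ntp/drift'

# To audit a live system: check_driftfile "$(cat /etc/ntp.conf)"
echo "kickstart: $(check_driftfile "$KICKSTART_CONF")"   # denied
echo "default:   $(check_driftfile "$DEFAULT_CONF")"     # ok
```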