Bug 461401 - Selinux prevents ntpd from starting
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-09-07 06:02 EDT by Paul Smith
Modified: 2008-09-07 10:23 EDT
Doc Type: Bug Fix
Last Closed: 2008-09-07 10:23:55 EDT
Description Paul Smith 2008-09-07 06:02:31 EDT
The messages that I get are:

--------------------

Summary:

SELinux is preventing the ntpd from using potentially mislabeled files
(./services).

Detailed Description:

SELinux has denied ntpd access to potentially mislabeled file(s) (./services).
This means that SELinux will not allow ntpd to use these files. It is common for
users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.

Allowing Access:

If you want ntpd to access this files, you need to relabel them using restorecon
-v './services'. You might want to relabel the entire directory using restorecon
-R -v '.'.

Additional Information:

Source Context                unconfined_u:system_r:ntpd_t:s0
Target Context                unconfined_u:object_r:rpm_script_tmp_t:s0
Target Objects                ./services [ file ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          mypc
Source RPM Packages           ntp-4.2.4p4-7.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-84.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     mypc
Platform                      Linux mypc 2.6.25.14-108.fc9.i686 #1 SMP Mon Aug 4
                              14:08:11 EDT 2008 i686 i686
Alert Count                   9
First Seen                    Sun 07 Sep 2008 10:56:25 AM WEST
Last Seen                     Sun 07 Sep 2008 10:56:27 AM WEST
Local ID                      c66e6354-b26d-442a-bae7-c12aaa44acea
Line Numbers                  

Raw Audit Messages            

host=mypc type=AVC msg=audit(1220781387.527:58): avc:  denied  { read } for  pid=4798 comm="ntpd" name="services" dev=dm-0 ino=11649032 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=file

host=mypc type=SYSCALL msg=audit(1220781387.527:58): arch=40000003 syscall=5 success=no exit=-13 a0=457f06 a1=80000 a2=1b6 a3=80000 items=0 ppid=4797 pid=4798 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)

--------------------

Paul
Comment 1 Paul Smith 2008-09-07 10:23:55 EDT
The problem was solved with a relabeling. So, it is not a bug, and I am going
to close it.

Paul
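
The raw audit messages in the description can be triaged programmatically. The following is an added example, not part of the bug report and not setroubleshoot's own logic: it joins the AVC and SYSCALL records by audit event ID and flags a target type that suggests a file created elsewhere and moved into place. The names `parse_events`, `triage` and `SUSPECT_TARGET_TYPES` are hypothetical, and the type list is an illustrative assumption.

```python
import re
from collections import defaultdict

# The two raw audit records from the description above, copied verbatim.
SAMPLE = r'''host=mypc type=AVC msg=audit(1220781387.527:58): avc:  denied  { read } for  pid=4798 comm="ntpd" name="services" dev=dm-0 ino=11649032 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=file
host=mypc type=SYSCALL msg=audit(1220781387.527:58): arch=40000003 syscall=5 success=no exit=-13 a0=457f06 a1=80000 a2=1b6 a3=80000 items=0 ppid=4797 pid=4798 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
'''
EVENT_RE = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

# Assumption: illustrative set of temp/home types that usually mean a file
# kept the label of the place it was created in (not an exhaustive list).
SUSPECT_TARGET_TYPES = {"rpm_script_tmp_t", "tmp_t", "user_tmp_t", "user_home_t"}

def parse_events(text):
    """Group audit records by (timestamp, serial) so AVC and SYSCALL pair up."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        rec = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        p = PERMS_RE.search(body)
        if p:
            rec["result"], rec["perms"] = p.group(1), p.group(2).split()
        events[(ts, serial)][rtype] = rec
    return dict(events)

def triage(event):
    """Summarise one denied event; None if it holds no AVC denial."""
    avc, sc = event.get("AVC"), event.get("SYSCALL", {})
    if not avc or avc.get("result") != "denied":
        return None
    ttype = avc["tcontext"].split(":")[2]  # user:role:type:level
    return {
        "exe": sc.get("exe", avc.get("comm")),
        "source_type": avc["scontext"].split(":")[2],
        "target_type": ttype,
        "target_name": avc.get("name"),
        "perms": avc["perms"],
        "errno": -int(sc["exit"]) if "exit" in sc else None,  # 13 = EACCES
        "likely_mislabeled": ttype in SUSPECT_TARGET_TYPES,
    }

if __name__ == "__main__":
    for event_id, event in parse_events(SAMPLE).items():
        print(event_id, triage(event))
```

A `likely_mislabeled` result points to the `restorecon` relabel that the alert recommends rather than to a policy change.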
