This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 483192 - SELinux prevents ntpd to update system clock after "System clock uses UTC" is unchecked
SELinux prevents ntpd to update system clock after "System clock uses UTC" is...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: system-config-date (Show other bugs)
10
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Nils Philippsen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-30 01:28 EST by Zuxy Meng
Modified: 2009-12-18 02:44 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-12-18 02:44:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Zuxy Meng 2009-01-30 01:28:46 EST
Description of problem:
SELinux prevents ntpd to update system clock after "System clock uses UTC" is unchecked.

Version-Release number of selected component (if applicable):
1.9.34-1.fc10

How reproducible:


Steps to Reproduce:
1. sudo system-config-date
2. Uncheck "system clock uses UTC"
3. Press "OK"
  
Actual results:

概述:

SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t.

详细描述:

SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

允许访问:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

附加信息:

源上下文                  unconfined_u:system_r:ntpd_t:s0
目标上下文               unconfined_u:unconfined_r:unconfined_t:s0
目标对象                  socket [ unix_stream_socket ]
源                           ntpd
源路径                     /usr/sbin/ntpd
端口                        <未知>
主机                        Rainbow31
源 RPM 软件包             ntp-4.2.4p6-1.fc10
目标 RPM 软件包          
策略 RPM                    selinux-policy-3.5.13-40.fc10
启用 Selinux                True
策略类型                  targeted
启用 MLS                    True
Enforcing 模式              Enforcing
插件名称                  catchall
主机名                     Rainbow31
平台                        Linux Rainbow31 2.6.27.12-170.2.5.fc10.x86_64 #1
                              SMP Wed Jan 21 01:33:24 EST 2009 x86_64 x86_64
警报计数                  1
第一个                     2009年01月30日 星期五 22时14分07秒
最后一个                  2009年01月30日 星期五 22时15分29秒
本地 ID                     6d70eeb8-4afc-47db-9077-0ac1e152ca53
行号                        

原始核查信息            

node=Rainbow31 type=AVC msg=audit(1233324929.6:22): avc:  denied  { read write } for  pid=3190 comm="ntpd" path="socket:[16647]" dev=sockfs ino=16647 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket

node=Rainbow31 type=SYSCALL msg=audit(1233324929.6:22): arch=c000003e syscall=59 success=yes exit=0 a0=ad6480 a1=ad5310 a2=ad6c60 a3=8 items=0 ppid=3189 pid=3190 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)


Expected results:


Additional info:
Comment 1 lexual 2009-02-26 19:02:25 EST
Can't reproduce here, but maybe my selinux settings are different. Fedora 10.
Comment 2 Bug Zapper 2009-11-18 05:55:13 EST
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Bug Zapper 2009-12-18 02:44:41 EST
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.