Description of problem: SELinux prevents ntpd to update system clock after "System clock uses UTC" is unchecked. Version-Release number of selected component (if applicable): 1.9.34-1.fc10 How reproducible: Steps to Reproduce: 1. sudo system-config-date 2. Uncheck "system clock uses UTC" 3. Press "OK" Actual results: 概述: SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t. 详细描述: SELinux denied access requested by ntpd. It is not expected that this access is required by ntpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 允许访问: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. 附加信息: 源上下文 unconfined_u:system_r:ntpd_t:s0 目标上下文 unconfined_u:unconfined_r:unconfined_t:s0 目标对象 socket [ unix_stream_socket ] 源 ntpd 源路径 /usr/sbin/ntpd 端口 <未知> 主机 Rainbow31 源 RPM 软件包 ntp-4.2.4p6-1.fc10 目标 RPM 软件包 策略 RPM selinux-policy-3.5.13-40.fc10 启用 Selinux True 策略类型 targeted 启用 MLS True Enforcing 模式 Enforcing 插件名称 catchall 主机名 Rainbow31 平台 Linux Rainbow31 2.6.27.12-170.2.5.fc10.x86_64 #1 SMP Wed Jan 21 01:33:24 EST 2009 x86_64 x86_64 警报计数 1 第一个 2009年01月30日 星期五 22时14分07秒 最后一个 2009年01月30日 星期五 22时15分29秒 本地 ID 6d70eeb8-4afc-47db-9077-0ac1e152ca53 行号 原始核查信息 node=Rainbow31 type=AVC msg=audit(1233324929.6:22): avc: denied { read write } for pid=3190 comm="ntpd" path="socket:[16647]" dev=sockfs ino=16647 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket node=Rainbow31 type=SYSCALL msg=audit(1233324929.6:22): arch=c000003e syscall=59 success=yes exit=0 a0=ad6480 a1=ad5310 a2=ad6c60 a3=8 items=0 ppid=3189 pid=3190 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null) Expected results: Additional info:
Can't reproduce here, but maybe my selinux settings are different. Fedora 10.
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.