The /etc/dhcp/dhclient.d/yp.sh file needs to be updated with the changes referenced in this patch. I also notice that ypbind is not yet providing /etc/dhcp/dhclient.d/yp.sh, so that should happen too.

+++ This bug was initially created as a clone of Bug #488470 +++

Description of problem:
ntpd fails to synchronize to any ntp servers, since it is denied access to /etc/ntp.conf

Version-Release number of selected component (if applicable):
selinux-policy-3.6.6.-8

How reproducible:
Always

Steps to Reproduce:
1. Run selinux in enforcing mode
2. /etc/init.d/ntpd restart
3.

Actual results:
ntpq -p returns:
No association ID's returned

Expected results:
ntpq -p returns:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 sites.urchin.ea 193.201.201.18   4 u   11   64    1   35.835   -1.872   0.002
 scarlett.lon.re 192.36.144.23    2 u   10   64    1   36.961   -2.837   0.002
 ntp1.arse.org   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 lyla.preshweb.c 130.88.200.6     3 u    8   64    1   34.037   -2.130   0.002
 ntp4.ja.net     .DCFa.           1 u    7   64    1   37.139   -1.534   0.002

or something similar

Additional info:

node=samson.armitage.org.uk type=AVC msg=audit(1236177107.657:553): avc: denied { getattr } for pid=6697 comm="ntpd" path="/etc/ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=samson.armitage.org.uk type=SYSCALL msg=audit(1236177107.657:553): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf9f5730 a2=46fff4 a3=29ac548 items=0 ppid=6696 pid=6697 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)

and also

node=samson.armitage.org.uk type=AVC msg=audit(1236177107.629:552): avc: denied { read } for pid=6697 comm="ntpd" name="ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=samson.armitage.org.uk type=AVC msg=audit(1236177107.629:552): avc: denied { open } for pid=6697 comm="ntpd" name="ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=samson.armitage.org.uk type=SYSCALL msg=audit(1236177107.629:552): arch=40000003 syscall=5 success=yes exit=4 a0=bb5b1a a1=0 a2=1b6 a3=0 items=0 ppid=6696 pid=6697 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)

--- Additional comment from dwalsh on 2009-03-04 10:31:33 EDT ---

This looks like this file was created by dhclient? in the /var/lib/dhclient directory and then moved into /etc/ntp.conf. If dhclient is doing this it should run restorecon on the file when it is done.

restorecon -R -v /etc/ntp.conf

Will fix.

--- Additional comment from dwalsh on 2009-03-04 10:33:04 EDT ---

Created an attachment (id=334005)
Patch to run restorecon on all files created by dhclient
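Added example, not part of the bug report or of any Fedora tooling: a small Python summarizer run over the three AVC denials quoted in the report above. It groups denials by source type, target type, class, device and inode, which shows that all three hit one object (/etc/ntp.conf) still carrying the dhcpc_state_t label. The function names are hypothetical.

```python
import re
from collections import defaultdict

# The three AVC records from the report above, copied verbatim.
SAMPLE = """\
node=samson.armitage.org.uk type=AVC msg=audit(1236177107.657:553): avc: denied { getattr } for pid=6697 comm="ntpd" path="/etc/ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=samson.armitage.org.uk type=AVC msg=audit(1236177107.629:552): avc: denied { read } for pid=6697 comm="ntpd" name="ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=samson.armitage.org.uk type=AVC msg=audit(1236177107.629:552): avc: denied { open } for pid=6697 comm="ntpd" name="ntp.conf" dev=dm-0 ino=1039455 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None  # SYSCALL and other audit record types are skipped
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def summarize(log_text):
    """Group denials by (source type, target type, class, dev, inode)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        # An SELinux context is user:role:type:level; the type is field 3.
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2],
               rec["tclass"], rec.get("dev"), rec.get("ino"))
        groups[key]["perms"].update(rec["perms"])
        # path= and name= records for the same inode land in the same group.
        for field in ("path", "name"):
            if field in rec:
                groups[key]["paths"].add(rec[field])
    return groups


if __name__ == "__main__":
    for (src, tgt, cls, dev, ino), g in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} dev={dev} ino={ino} "
              f"perms={sorted(g['perms'])} seen_as={sorted(g['paths'])}")
```

A single group whose target type belongs to another daemon's state directory points to a mislabeled file rather than a missing policy rule, which matches the restorecon fix proposed in the comment above.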
Hi David,

ypbind is providing /etc/dhcp/dhclient.d/nis.sh (attached in your mail). Should it be renamed to /etc/dhcp/dhclient.d/yp.sh? nis.sh is updated in CVS, please check it before I do a new build.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
The /etc/dhcp/dhclient.d/yp.sh (nis.sh in F-11) seems to be updated with the changes referenced in the patch as requested. I am closing this bug. Please reopen if some problem occurs.