Summary:

SELinux is preventing /usr/sbin/ntpd "read" access on /etc/samba/smb.conf.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by ntpd. It is not expected that this access is required by ntpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:ntpd_t:s0
Target Context                system_u:object_r:samba_etc_t:s0
Target Objects                /etc/samba/smb.conf [ file ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           ntp-4.2.6p3-0.1.rc10.fc14
Target RPM Packages           samba-common-3.5.6-71.fc14
Policy RPM                    selinux-policy-3.9.7-16.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.9-64.fc14.i686 #1 SMP Fri Dec 3 12:35:42 UTC 2010 i686 i686
Alert Count                   10
First Seen                    Sun 12 Dec 2010 11:05:25 AM MST
Last Seen                     Sun 12 Dec 2010 04:59:14 PM MST
Local ID                      03178ac0-1ad8-4772-a6a3-76c9293173c3
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1292198354.842:10): avc: denied { read } for pid=1598 comm="ntpd" name="smb.conf" dev=dm-0 ino=395518 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:samba_etc_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1292198354.842:10): avc: denied { open } for pid=1598 comm="ntpd" name="smb.conf" dev=dm-0 ino=395518 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:samba_etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1292198354.842:10): arch=40000003 syscall=5 success=yes exit=5 a0=be2780 a1=8000 a2=0 a3=0 items=0 ppid=1 pid=1598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)

Hash String generated from catchall,ntpd,ntpd_t,samba_etc_t,file,read

audit2allow suggests:

#============= ntpd_t ==============
allow ntpd_t samba_etc_t:file { read open };
Did you set up ntp and samba to work together?

Could you attach your ntp.conf?
Created attachment 468460
ntp.conf configuration file.

(In reply to comment #1)
> Did you set up ntp and samba to work together?
>
> Could you attach your ntp.conf?

No, I just checked off "Synchronize date and time over the network" on the "Adjust Date and Time" tab. The error appeared right away. Later on, I added a new NTP server (my LAN's Windows 2003 DC) since I configured Winbind and joined the Linux workstation with AD.

Attached is the ntp.conf file.
Mirku, what do you think? It looks legitimate.
I don't see where this is coming from; ntpd doesn't seem to have any code that would read smb.conf. Can you please attach the output of ntpd started in strace for a few minutes?

    strace -eopen /usr/sbin/ntpd -n -u ntp:ntp
Winbind?
Not necessarily; today ntpd comes with code to allow it to sign packets, needed for samba4 AD servers. nss_winbindd and pam_winbindd, iirc, do not read smb.conf directly. Let me check the code, I'll get back to you if I find anything relevant.
Created attachment 468759
ntpd read access on samba.conf alert message

Not sure if this is related to this bug; this error has happened a couple of times.
Created attachment 468760
ntpd strace output

As requested, attached is the output of the ntpd strace. I gave it 5 mins. It only opened files during the first minute; after that there was no more output. Let me know if we need the log for a longer period of time.
Is this fixed in the current release?