Description of problem:

After successful installation of chrony into my fresh, fine-running fc14 (2.6.35.10-74 kernel) in Oracle VM VirtualBox (3.2.12 r68302) on my Intel Core Quad Q9550, I got SELinux complaints: /usr/sbin/chronyd would like to read/write to chronyd.pid. Further, I found entries in /var/log/messages saying that /var/lib/chrony/drift could not be opened. Also, no files in /var/log/chrony got created.

I ran

    grep chronyd /var/log/audit/audit*|audit2allow

and got

    #============= chronyd_t ==============
    #!!!! This avc can be allowed using the boolean 'allow_daemons_use_tty'
    allow chronyd_t user_devpts_t:chr_file { read write };
    allow chronyd_t var_run_t:file { read write };

and created my local rule with

    grep chronyd /var/log/audit/audit*|audit2allow -M localchronydrules

After installation of this rule, again no files in /var/log/chrony got created, even after a restart.
Created attachment 471806: .te-ruleset by audit2allow
Created attachment 471807: .pp-ruleset by audit2allow
Hm, I don't see it here, with allow_daemons_use_tty off.
I think you have something mislabeled in /var/run.

    restorecon -R -v /var/run /var/log

Should fix.

This looks like a leaked file descriptor:

    allow chronyd_t user_devpts_t:chr_file { read write };
Hi, I tried "restorecon ..." and that did not work. But later (sorry) I found that in my "chrony.conf" the log-dir was set up fine, but the instances to log had been commented out... Thus no files got produced, as it should be. Maybe the defaults should be changed? It seems to be running fine now. Thanks for your assistance.
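
The two denials discussed in this thread can be told apart from the audit records before any allow rule is generated. The sketch below is an added example, not code from any commenter or from the chrony or SELinux projects; the audit lines are constructed, and the classification rules (generic directory types suggest a mislabel, a devpts character device suggests an inherited terminal) are assumptions taken from the reasoning in the comments above.

```python
import re

# Constructed audit records (not from the bug report); layout follows audit.log AVC lines.
SAMPLE = [
    'type=AVC msg=audit(1294000000.101:41): avc:  denied  { read write } for  pid=1801 '
    'comm="chronyd" name="chronyd.pid" dev=dm-0 ino=2301 '
    'scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1294000000.102:42): avc:  denied  { read write } for  pid=1801 '
    'comm="chronyd" path="/dev/pts/0" dev=devpts ino=3 '
    'scontext=unconfined_u:system_r:chronyd_t:s0 '
    'tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file',
    'type=SYSCALL msg=audit(1294000000.102:42): arch=c000003e syscall=59 success=yes',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Assumption: a daemon touching a file that carries only the generic directory
# type usually means the file was never relabelled to the daemon's own type.
GENERIC_TYPES = {"var_run_t", "var_log_t", "var_lib_t"}

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def triage(line):
    """Classify one audit line; returns None for non-AVC records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    target, tclass = se_type(m["tcon"]), m["tclass"]
    if tclass == "chr_file" and target.endswith("_devpts_t"):
        verdict = "leaked-fd"   # terminal inherited from the launching shell
    elif tclass == "file" and target in GENERIC_TYPES:
        verdict = "mislabel"    # try restorecon before writing any allow rule
    else:
        verdict = "review"
    return {"comm": m["comm"], "source": se_type(m["scon"]), "target": target,
            "tclass": tclass, "perms": m["perms"].split(), "verdict": verdict}

if __name__ == "__main__":
    for record in SAMPLE:
        result = triage(record)
        if result:
            print(result["verdict"], result["source"], "->", result["target"], result["perms"])
```

Records that come back as "review" are the only ones that warrant reading the audit2allow output as a candidate policy change.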