Bug 759499 - ntpd produces an AVC when started from firstboot GUI
ntpd produces an AVC when started from firstboot GUI
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.8
All Linux
medium Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On:
Blocks: 772956
  Show dependency treegraph
 
Reported: 2011-12-02 09:46 EST by Milos Malik
Modified: 2014-11-28 04:14 EST (History)
1 user (show)

See Also:
Fixed In Version: selinux-policy-2.4.6-322.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-21 00:48:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Milos Malik 2011-12-02 09:46:24 EST
Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-devel-2.4.6-320.el5
selinux-policy-targeted-2.4.6-320.el5
selinux-policy-2.4.6-320.el5

How reproducible:
always

Steps to Reproduce:
1. get a RHEL-5.8 machine
2. chkconfig firstboot on
3. replace "RUN_FIRSTBOOT=NO" by "RUN_FIRSTBOOT=YES" in
/etc/sysconfig/firstboot file
4. reboot the machine
5. click through the firstboot GUI to the "Date and Time" configuration screen
6. enable "Network Time Protocol"
7. click "Forward"
8. click through the rest of configuration screens

Actual results:
----
time->Fri Dec  2 15:12:23 2011
type=SYSCALL msg=audit(1322835143.553:8): arch=40000003 syscall=11 success=yes exit=0 a0=881abd0 a1=8819fa0 a2=881aeb8 a3=0 items=0 ppid=2432 pid=2433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1322835143.553:8): avc:  denied  { read write } for  pid=2433 comm="ntpd" path="socket:[8690]" dev=sockfs ino=8690 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
----

Expected results:
* no AVCs
Comment 1 Daniel Walsh 2011-12-02 13:19:46 EST
This is a leaked file descriptor from something in firstboot that starts the ntp daemon.  Can safely be ignored.

I think we have a dontaudit for this in RHEL6
Comment 2 Miroslav Grepl 2011-12-05 03:49:46 EST
Yes, we dontaudit it in RHEL6.
Comment 4 Miroslav Grepl 2011-12-15 08:17:23 EST
Fixed in selinux-policy-2.4.6-321.el5
Comment 10 errata-xmlrpc 2012-02-21 00:48:39 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0158.html

Note You need to log in before you can comment on or make changes to this bug.