Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-devel-2.4.6-320.el5
selinux-policy-targeted-2.4.6-320.el5
selinux-policy-2.4.6-320.el5

How reproducible:
always

Steps to Reproduce:
1. get a RHEL-5.8 machine
2. chkconfig firstboot on
3. replace "RUN_FIRSTBOOT=NO" by "RUN_FIRSTBOOT=YES" in /etc/sysconfig/firstboot file
4. reboot the machine
5. click through the firstboot GUI to the "Date and Time" configuration screen
6. enable "Network Time Protocol"
7. click "Forward"
8. click through the rest of configuration screens

Actual results:
----
time->Fri Dec 2 15:12:23 2011
type=SYSCALL msg=audit(1322835143.553:8): arch=40000003 syscall=11 success=yes exit=0 a0=881abd0 a1=8819fa0 a2=881aeb8 a3=0 items=0 ppid=2432 pid=2433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1322835143.553:8): avc: denied { read write } for pid=2433 comm="ntpd" path="socket:[8690]" dev=sockfs ino=8690 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
----

Expected results:
* no AVCs
This is a leaked file descriptor from something in firstboot that starts the ntp daemon. Can safely be ignored. I think we have a dontaudit for this in RHEL6.
Yes, we dontaudit it in RHEL6.
Fixed in selinux-policy-2.4.6-321.el5
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0158.html
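The diagnosis given in the comments (a descriptor inherited from firstboot across the exec of ntpd), as an added triage example that is not part of the original report or of selinux-policy: it pairs each AVC with the SYSCALL record of the same audit event and flags denials that fit the inherited-descriptor pattern. The heuristic, the function names and the x86_64 execve entry are assumptions of this example; the sample is the report's two records with some SYSCALL fields omitted.

```python
import re

# Constructed sample: the two audit records from the report, SYSCALL fields abbreviated.
SAMPLE = """\
type=SYSCALL msg=audit(1322835143.553:8): arch=40000003 syscall=11 success=yes exit=0 ppid=2432 pid=2433 comm="ntpd" exe="/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1322835143.553:8): avc: denied { read write } for pid=2433 comm="ntpd" path="socket:[8690]" dev=sockfs ino=8690 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
"""

# (arch, syscall) pairs that mean execve: i386 as in the report, x86_64 added as an assumption.
EXECVE = {("40000003", "11"), ("c000003e", "59")}
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event id: {id: {"SYSCALL": fields, "AVC": [fields]}}."""
    events = {}
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue  # separators such as "----" and "time->..." carry no event id
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(m.group(1), {"SYSCALL": None, "AVC": []})
        if fields.get("type") == "SYSCALL":
            ev["SYSCALL"] = fields
        elif fields.get("type") == "AVC":
            p = PERMS.search(line)
            fields["perms"] = set(p.group(1).split()) if p else set()
            ev["AVC"].append(fields)
    return events

def leaked_fd_candidates(text):
    """Return (event, source type, target type, class) for denials that look like inherited fds."""
    hits = []
    for eid, ev in parse_events(text).items():
        sc = ev["SYSCALL"] or {}
        at_exec = (sc.get("arch"), sc.get("syscall")) in EXECVE
        for avc in ev["AVC"]:
            src = avc.get("scontext", "").split(":")
            tgt = avc.get("tcontext", "").split(":")
            if len(src) < 3 or len(tgt) < 3:
                continue
            anon = avc.get("path", "").startswith(("socket:[", "pipe:["))
            only_rw = bool(avc["perms"]) and avc["perms"] <= {"read", "write"}
            # Object labelled with another process domain, so some other process created it.
            foreign = tgt[1] != "object_r" and tgt[2] != src[2]
            if at_exec and anon and only_rw and foreign:
                hits.append((eid, src[2], tgt[2], avc.get("tclass")))
    return hits
```

A hit names the domain that created the descriptor (the target type), which is where a close-on-exec fix belongs; a dontaudit rule only silences the denial.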