Description of problem: Chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer. The two programs are called chronyd and chronyc. I think it's relevant for apache to have an access to these ressources. I have a PHP server running on this machine. SELinux is preventing /usr/sbin/httpd from 'search' accesses on the directory /var/lib/chrony. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que httpd devrait être autorisé à accéder search sur chrony directory par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:chronyd_var_lib_t:s0 Target Objects /var/lib/chrony [ dir ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.4.3-12.fc18.x86_64 Target RPM Packages chrony-1.27-0.5.pre1.git1ca844.fc18.x86_64 Policy RPM selinux-policy-3.11.1-67.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64 Alert Count 21 First Seen 2013-01-18 21:07:06 EST Last Seen 2013-01-22 01:22:22 EST Local ID 0e7f2dd8-3199-47f8-bbc9-90ced2d1a216 Raw Audit Messages type=AVC msg=audit(1358835742.145:385): avc: denied { search } for pid=1559 comm="httpd" name="chrony" dev="sda1" ino=20870 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:chronyd_var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1358835742.145:385): arch=x86_64 syscall=stat success=no exit=EACCES a0=7f7353bc91a0 a1=7ffff6815690 a2=7ffff6815690 a3=0 items=0 ppid=1215 pid=1559 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) Hash: httpd,httpd_t,chronyd_var_lib_t,dir,search audit2allow #============= httpd_t ============== allow httpd_t chronyd_var_lib_t:dir search; audit2allow -R #============= httpd_t ============== allow httpd_t chronyd_var_lib_t:dir search; Additional info: hashmarkername: setroubleshoot kernel: 3.7.2-204.fc18.x86_64 type: libreport Potential duplicate: bug 819276
Did you setup chrony+apache together?
Not specifically. I only run a PHP server and have few extensions installed. I can list you the extensions I have if this can help.
This looks like another duplicate of the bug #768472.
*** This bug has been marked as a duplicate of bug 768472 ***