Daniel J Walsh wrote:
Skunk Worx wrote:
Daniel J Walsh wrote:
Skunk Worx wrote:
I can see similar comments in Bugzilla, so I think this is already
being worked on.
---
John
> avc: denied { sys_time } for comm="ntpdate" egid=38 euid=38
Please attach the log file to show what is causing these messages. I
can't generate policy rules from just this info: the quoted denial line
lacks the source context, target context and object class.
SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "sys_time" to
<Unknown> (dhcpc_t).
If this is not useful, could you provide a command line and sample
expected output?
---
John
grep ntp /var/log/audit/audit.log
Thanks.
type=AVC msg=audit(1181102914.825:33): avc: denied { getattr } for
pid=3514 comm="ntpd" name="ntpd" dev=dm-0 ino=16581960
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:33): arch=40000003 syscall=195
success=yes exit=0 a0=9d87298 a1=bfee9f78 a2=978ff4 a3=9d87298 items=0
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:33): path="/var/lock/subsys/ntpd"
type=AVC msg=audit(1181102914.825:34): avc: denied { getattr } for
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:34): arch=40000003 syscall=195
success=yes exit=0 a0=9da3ce8 a1=bfee7b48 a2=978ff4 a3=9da3ce8 items=0
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:34): path="/var/run/ntpd.pid"
type=AVC msg=audit(1181102914.825:35): avc: denied { read } for
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:35): arch=40000003 syscall=5
success=yes exit=3 a0=9da3d00 a1=8000 a2=0 a3=8000 items=0 ppid=3507
pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:36): avc: denied { ioctl } for
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:36): arch=40000003 syscall=54
success=no exit=-25 a0=0 a1=5401 a2=bfee7258 a3=bfee7298 items=0
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:36): path="/var/run/ntpd.pid"
type=AVC msg=audit(1181102914.825:37): avc: denied { kill } for
pid=3514 comm="ntpd" capability=5 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181102914.825:37): avc: denied { signal } for
pid=3514 comm="ntpd" scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:ntpd_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:37): arch=40000003 syscall=37
success=yes exit=0 a0=830 a1=f a2=830 a3=830 items=0 ppid=3507 pid=3514
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="ntpd" exe="/bin/bash" subj=system_u:system_r:dhcpc_t:s0
key=(null)
type=AVC msg=audit(1181102914.825:38): avc: denied { unlink } for
pid=3520 comm="rm" name="ntpd.pid" dev=dm-0 ino=16581959
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:39): avc: denied { remove_name } for
pid=3521 comm="rm" name="ntpd" dev=dm-0 ino=16581960
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1181102914.825:39): avc: denied { unlink } for
pid=3521 comm="rm" name="ntpd" dev=dm-0 ino=16581960
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc: denied { execute } for
pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc: denied { execute_no_trans
} for pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc: denied { read } for
pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:40): arch=40000003 syscall=11
success=yes exit=0 a0=9da1ac0 a1=9d82f60 a2=9d8fdd0 a3=0 items=0
ppid=3514 pid=3528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:40): path="/usr/sbin/ntpdate"
type=AVC_PATH msg=audit(1181102914.825:40): path="/usr/sbin/ntpdate"
type=AVC msg=audit(1181102914.825:41): avc: denied { name_bind } for
pid=3528 comm="ntpdate" src=123 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntp_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1181102914.825:41): arch=40000003 syscall=102
success=yes exit=0 a0=2 a1=bfee8400 a2=8000f698 a3=0 items=0 ppid=3514
pid=3528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:42): avc: denied { sys_nice } for
pid=3528 comm="ntpdate" capability=23
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181102914.825:42): avc: denied { setsched } for
pid=3528 comm="ntpdate" scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:42): arch=40000003 syscall=97
success=yes exit=0 a0=0 a1=0 a2=fffffff4 a3=2 items=0 ppid=3514 pid=3528
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:43): avc: denied { setgid } for
pid=3528 comm="ntpdate" capability=6
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:43): arch=40000003 syscall=206
success=yes exit=0 a0=0 a1=0 a2=325ff4 a3=2 items=0 ppid=3514 pid=3528
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:44): avc: denied { setuid } for
pid=3528 comm="ntpdate" capability=7
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:44): arch=40000003 syscall=208
success=yes exit=0 a0=ffffffff a1=26 a2=ffffffff a3=2 items=0 ppid=3514
pid=3528 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38 egid=38
sgid=0 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:45): avc: denied { setcap } for
pid=3528 comm="ntpdate" scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:45): arch=40000003 syscall=185
success=yes exit=0 a0=801fd0fc a1=801fd104 a2=cd70f0 a3=801fd0fc items=0
ppid=3514 pid=3528 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38
egid=38 sgid=0 fsgid=38 tty=(none) comm="ntpdate"
exe="/usr/sbin/ntpdate" subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:46): avc: denied { sys_time } for
pid=3528 comm="ntpdate" capability=25
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:46): arch=40000003 syscall=124
success=yes exit=0 a0=bfee7e4c a1=0 a2=325ff4 a3=0 items=0 ppid=3514
pid=3528 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38
sgid=38 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:47): avc: denied { add_name } for
pid=3532 comm="touch" name="ntpd" scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1181102914.825:47): avc: denied { create } for
pid=3532 comm="touch" name="ntpd" scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:48): avc: denied { write } for
pid=3532 comm="touch" name="ntpd" dev=dm-0 ino=16581960
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181112994.480:61): avc: denied { sys_nice } for
pid=4141 comm="ntpdate" capability=23
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:61): arch=40000003 syscall=97
success=yes exit=0 a0=0 a1=0 a2=fffffff4 a3=2 items=0 ppid=4127 pid=4141
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:62): avc: denied { setgid } for
pid=4141 comm="ntpdate" capability=6
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:62): arch=40000003 syscall=206
success=yes exit=0 a0=0 a1=0 a2=25fff4 a3=2 items=0 ppid=4127 pid=4141
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:63): avc: denied { setuid } for
pid=4141 comm="ntpdate" capability=7
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:63): arch=40000003 syscall=208
success=yes exit=0 a0=ffffffff a1=26 a2=ffffffff a3=2 items=0 ppid=4127
pid=4141 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38 egid=38
sgid=0 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:64): avc: denied { sys_time } for
pid=4141 comm="ntpdate" capability=25
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:64): arch=40000003 syscall=124
success=yes exit=0 a0=bf9ab91c a1=0 a2=25fff4 a3=0 items=0 ppid=4127
pid=4141 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38
sgid=38 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)