-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/18/2011 10:11 AM, Skunk Worx wrote:
> Sup,
>
> I am using EPEL 6 and a garmin 18 LVC on a serial port with gpsd. I am
> fairly new to the selinux environment.
>
> ntpd is supposed to be able to access a couple of shm locations to get
> time from the gps daemon.
>
> In /var/log/messages I see :
>
> Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 0): Permission denied
> Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.0 failed
> Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 1): Permission denied
> Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.1 failed
>
> Also avc messages :
>
> type=SYSCALL msg=audit(1300431471.964:16749): arch=40000003 syscall=117
> success=no exit=-13 a0=17 a1=4e545031 a2=50 a3=3c0 items=0 ppid=1
> pid=8795 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd"
> subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
> type=AVC msg=audit(1300432211.929:16768): avc: denied { unix_read
> unix_write } for pid=8899 comm="ntpd" key=1314148400
> scontext=unconfined_u:system_r:ntpd_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
>
> type=SYSCALL msg=audit(1300432211.929:16768): arch=40000003 syscall=117
> success=no exit=-13 a0=17 a1=4e545030 a2=50 a3=3c0 items=0 ppid=1
> pid=8899 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd"
> subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
> type=AVC msg=audit(1300432211.930:16769): avc: denied { unix_read
> unix_write } for pid=8899 comm="ntpd" key=1314148401
> scontext=unconfined_u:system_r:ntpd_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
>
> Here's some direction from audit2allow :
>
> # grep ntpd /var/log/audit/audit.log | audit2allow
> #============= ntpd_t ==============
> allow ntpd_t unconfined_t:shm { unix_read unix_write };
>
> Should I use audit2allow and create a policy package to fix this or is
> there a better way?
>
> Thanks,
> John
Are you running this by hand and they eventually will run as a service?
unconfined_t indicates a logged in user process is running and ntpd_t is
trying access the shared memory of the type.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2DavUACgkQrlYvE4MpobPIKwCfW4RtmtVSjS+9WiTLAKw5U8vk
c88An07lGzO5xn98+zXibL+3YcrJ/QuL
=boDG
-----END PGP SIGNATURE-----
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
