Re: avc for gpsd and ntpd use of shm


On 03/18/2011 10:11 AM, Skunk Worx wrote:
> Sup,
> 
> I am using EPEL 6 and a Garmin 18 LVC on a serial port with gpsd. I am 
> fairly new to the SELinux environment.
> 
> ntpd is supposed to be able to access a couple of shm locations to get 
> time from the gps daemon.
> 
> In /var/log/messages I see :
> 
> Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 0): Permission denied
> Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.0 failed
> Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 1): Permission denied
> Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.1 failed
> 
> Also avc messages :
> 
> type=SYSCALL msg=audit(1300431471.964:16749): arch=40000003 syscall=117 
> success=no exit=-13 a0=17 a1=4e545031 a2=50 a3=3c0 items=0 ppid=1 
> pid=8795 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd" 
> subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
> type=AVC msg=audit(1300432211.929:16768): avc:  denied  { unix_read 
> unix_write } for  pid=8899 comm="ntpd" key=1314148400 
> scontext=unconfined_u:system_r:ntpd_t:s0 
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
> 
> type=SYSCALL msg=audit(1300432211.929:16768): arch=40000003 syscall=117 
> success=no exit=-13 a0=17 a1=4e545030 a2=50 a3=3c0 items=0 ppid=1 
> pid=8899 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd" 
> subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
> type=AVC msg=audit(1300432211.930:16769): avc:  denied  { unix_read 
> unix_write } for  pid=8899 comm="ntpd" key=1314148401 
> scontext=unconfined_u:system_r:ntpd_t:s0 
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
> 
> Here's some direction from audit2allow :
> 
> # grep ntpd /var/log/audit/audit.log | audit2allow
> #============= ntpd_t ==============
> allow ntpd_t unconfined_t:shm { unix_read unix_write };
> 
> Should I use audit2allow and create a policy package to fix this or is 
> there a better way?
> 
> Thanks,
> John
Are you running this by hand, and will they eventually run as a service?

unconfined_t indicates a logged-in user process is running and ntpd_t is
trying to access the shared memory of that type.

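Added example, not part of either message in this thread: a short Python parser for the AVC records quoted above. It decodes the shm key (the same value that appears in hex as `a1` in the SYSCALL records) and extracts the SELinux type of the requesting process and of the shared memory segment; the function and field names are this example's own.

```python
import re

# AVC records copied from the quoted audit log, each joined onto one line.
AVC_LINES = [
    'type=AVC msg=audit(1300432211.929:16768): avc:  denied  { unix_read unix_write } for  pid=8899 comm="ntpd" key=1314148400 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm',
    'type=AVC msg=audit(1300432211.930:16769): avc:  denied  { unix_read unix_write } for  pid=8899 comm="ntpd" key=1314148401 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?key=(?P<key>\d+)\s+scontext=(?P<scon>\S+)'
    r'\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')


def selinux_type(context):
    """Return the type field (third component) of user:role:type:level."""
    return context.split(":")[2]


def key_as_ascii(key):
    """Render a 32-bit SysV IPC key as big-endian ASCII if it is printable."""
    raw = key.to_bytes(4, "big")
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None


def explain(line):
    """Summarise one shm AVC denial; return None for any other record."""
    m = AVC_RE.search(line)
    if m is None or m["tclass"] != "shm":
        return None
    key = int(m["key"])
    owner = selinux_type(m["tcon"])
    return {
        "comm": m["comm"],
        "requester": selinux_type(m["scon"]),   # domain asking for access
        "segment_owner": owner,                 # label carried by the segment
        "perms": m["perms"].split(),
        "key_hex": f"{key:#010x}",
        "key_ascii": key_as_ascii(key),
        # The segment carries a login-session domain rather than a service
        # domain, which is the situation the reply above asks about.
        "owner_is_user_domain": owner == "unconfined_t",
    }


if __name__ == "__main__":
    for line in AVC_LINES:
        print(explain(line))
```
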