Problems with SELinux
Bob Chiodini
rchiodin at bellsouth.net
Tue Apr 12 00:38:35 UTC 2005
On Tue, 2005-04-12 at 01:37 +0200, Vassilios Kotoulas wrote:
> hi,
>
> I have this messages on boot and ntpdate fails on boot.
> The first time I had this messages I put SELinux into permissive mode
> but I now want to have SELinux protection.
>
> ------------------cut----------------------------------
> audit(1113261840.303:0): avc: denied { read } for pid=3636
> exe=/usr/sbin/ntpdate name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.303:0): avc: denied { read } for pid=3636
> exe=/usr/sbin/ntpdate name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.505:0): avc: denied { read } for pid=3649
> exe=/sbin/syslogd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:syslogd_t
> tcontext=system_u:object_r:mail_spool_t tclass=file
> audit(1113261840.559:0): avc: denied { read } for pid=3653
> exe=/usr/sbin/ntpd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.559:0): avc: denied { read } for pid=3653
> exe=/usr/sbin/ntpd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.560:0): avc: denied { read } for pid=3653
> exe=/usr/sbin/ntpd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.560:0): avc: denied { read } for pid=3653
> exe=/usr/sbin/ntpd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> audit(1113261840.560:0): avc: denied { read } for pid=3653
> exe=/usr/sbin/ntpd name=services dev=hda1 ino=17230721
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:mail_spool_t
> tclass=file
> -------------------------------------cut-------------------------------
>
>
Maybe you need to relabel. There are a couple of methods described at:
http://fedora.redhat.com/docs/selinux-faq-fc3/
Bob...
More information about the fedora-list
mailing list