F7 : ntpd and selinux

Skunk Worx skunkworx at verizon.net
Thu Jun 7 03:01:11 UTC 2007


Daniel J Walsh wrote:
> Skunk Worx wrote:
>> Daniel J Walsh wrote:
>>> Skunk Worx wrote:
>>>> I can see similar comments in bugzilla, so I think this is already 
>>>> being worked.
>>>> ---
>>>> John
>>>>
>>>> > avc: denied { sys_time } for comm="ntpdate" egid=38 euid=38
>>>>
>>> Please attach the log file to show what is causing these messages. I 
>>> can't generate rules from just this info.
>>>
>> SELinux is preventing /usr/sbin/ntpdate (dhcpc_t) "sys_time" to 
>> <Unknown> (dhcpc_t).
>>
>> If this is not useful could you provide a command line and sample 
>> expected output?
>>
>> ---
>> John
>>
> grep ntp /var/log/audit/audit.log
> 

Thanks.

type=AVC msg=audit(1181102914.825:33): avc:  denied  { getattr } for 
pid=3514 comm="ntpd" name="ntpd" dev=dm-0 ino=16581960 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:33): arch=40000003 syscall=195 
success=yes exit=0 a0=9d87298 a1=bfee9f78 a2=978ff4 a3=9d87298 items=0 
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:33):  path="/var/lock/subsys/ntpd"
type=AVC msg=audit(1181102914.825:34): avc:  denied  { getattr } for 
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:34): arch=40000003 syscall=195 
success=yes exit=0 a0=9da3ce8 a1=bfee7b48 a2=978ff4 a3=9da3ce8 items=0 
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:34):  path="/var/run/ntpd.pid"
type=AVC msg=audit(1181102914.825:35): avc:  denied  { read } for 
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:35): arch=40000003 syscall=5 
success=yes exit=3 a0=9da3d00 a1=8000 a2=0 a3=8000 items=0 ppid=3507 
pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:36): avc:  denied  { ioctl } for 
pid=3514 comm="ntpd" name="ntpd.pid" dev=dm-0 ino=16581959 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:36): arch=40000003 syscall=54 
success=no exit=-25 a0=0 a1=5401 a2=bfee7258 a3=bfee7298 items=0 
ppid=3507 pid=3514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpd" exe="/bin/bash" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:36):  path="/var/run/ntpd.pid"
type=AVC msg=audit(1181102914.825:37): avc:  denied  { kill } for 
pid=3514 comm="ntpd" capability=5 scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181102914.825:37): avc:  denied  { signal } for 
pid=3514 comm="ntpd" scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:ntpd_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:37): arch=40000003 syscall=37 
success=yes exit=0 a0=830 a1=f a2=830 a3=830 items=0 ppid=3507 pid=3514 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="ntpd" exe="/bin/bash" subj=system_u:system_r:dhcpc_t:s0 
key=(null)
type=AVC msg=audit(1181102914.825:38): avc:  denied  { unlink } for 
pid=3520 comm="rm" name="ntpd.pid" dev=dm-0 ino=16581959 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpd_var_run_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:39): avc:  denied  { remove_name } for 
  pid=3521 comm="rm" name="ntpd" dev=dm-0 ino=16581960 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1181102914.825:39): avc:  denied  { unlink } for 
pid=3521 comm="rm" name="ntpd" dev=dm-0 ino=16581960 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc:  denied  { execute } for 
pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc:  denied  { execute_no_trans 
} for  pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:40): avc:  denied  { read } for 
pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1181102914.825:40): arch=40000003 syscall=11 
success=yes exit=0 a0=9da1ac0 a1=9d82f60 a2=9d8fdd0 a3=0 items=0 
ppid=3514 pid=3528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC_PATH msg=audit(1181102914.825:40):  path="/usr/sbin/ntpdate"
type=AVC_PATH msg=audit(1181102914.825:40):  path="/usr/sbin/ntpdate"
type=AVC msg=audit(1181102914.825:41): avc:  denied  { name_bind } for 
pid=3528 comm="ntpdate" src=123 scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:ntp_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1181102914.825:41): arch=40000003 syscall=102 
success=yes exit=0 a0=2 a1=bfee8400 a2=8000f698 a3=0 items=0 ppid=3514 
pid=3528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:42): avc:  denied  { sys_nice } for 
pid=3528 comm="ntpdate" capability=23 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=AVC msg=audit(1181102914.825:42): avc:  denied  { setsched } for 
pid=3528 comm="ntpdate" scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:42): arch=40000003 syscall=97 
success=yes exit=0 a0=0 a1=0 a2=fffffff4 a3=2 items=0 ppid=3514 pid=3528 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:43): avc:  denied  { setgid } for 
pid=3528 comm="ntpdate" capability=6 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:43): arch=40000003 syscall=206 
success=yes exit=0 a0=0 a1=0 a2=325ff4 a3=2 items=0 ppid=3514 pid=3528 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:44): avc:  denied  { setuid } for 
pid=3528 comm="ntpdate" capability=7 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:44): arch=40000003 syscall=208 
success=yes exit=0 a0=ffffffff a1=26 a2=ffffffff a3=2 items=0 ppid=3514 
pid=3528 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38 egid=38 
sgid=0 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:45): avc:  denied  { setcap } for 
pid=3528 comm="ntpdate" scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=process
type=SYSCALL msg=audit(1181102914.825:45): arch=40000003 syscall=185 
success=yes exit=0 a0=801fd0fc a1=801fd104 a2=cd70f0 a3=801fd0fc items=0 
ppid=3514 pid=3528 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38 
egid=38 sgid=0 fsgid=38 tty=(none) comm="ntpdate" 
exe="/usr/sbin/ntpdate" subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:46): avc:  denied  { sys_time } for 
pid=3528 comm="ntpdate" capability=25 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:46): arch=40000003 syscall=124 
success=yes exit=0 a0=bfee7e4c a1=0 a2=325ff4 a3=0 items=0 ppid=3514 
pid=3528 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 
sgid=38 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:47): avc:  denied  { add_name } for 
pid=3532 comm="touch" name="ntpd" scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1181102914.825:47): avc:  denied  { create } for 
pid=3532 comm="touch" name="ntpd" scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:48): avc:  denied  { write } for 
pid=3532 comm="touch" name="ntpd" dev=dm-0 ino=16581960 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1181112994.480:61): avc:  denied  { sys_nice } for 
pid=4141 comm="ntpdate" capability=23 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:61): arch=40000003 syscall=97 
success=yes exit=0 a0=0 a1=0 a2=fffffff4 a3=2 items=0 ppid=4127 pid=4141 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:62): avc:  denied  { setgid } for 
pid=4141 comm="ntpdate" capability=6 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:62): arch=40000003 syscall=206 
success=yes exit=0 a0=0 a1=0 a2=25fff4 a3=2 items=0 ppid=4127 pid=4141 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:63): avc:  denied  { setuid } for 
pid=4141 comm="ntpdate" capability=7 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:63): arch=40000003 syscall=208 
success=yes exit=0 a0=ffffffff a1=26 a2=ffffffff a3=2 items=0 ppid=4127 
pid=4141 auid=4294967295 uid=0 gid=0 euid=38 suid=0 fsuid=38 egid=38 
sgid=0 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181112994.480:64): avc:  denied  { sys_time } for 
pid=4141 comm="ntpdate" capability=25 
scontext=system_u:system_r:dhcpc_t:s0 
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181112994.480:64): arch=40000003 syscall=124 
success=yes exit=0 a0=bf9ab91c a1=0 a2=25fff4 a3=0 items=0 ppid=4127 
pid=4141 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 
sgid=38 fsgid=38 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate" 
subj=system_u:system_r:dhcpc_t:s0 key=(null)
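
The log above carries the fields the `sys_time` line alone lacked: source context, target context, object class and permission. As an added example that is not part of the original message, this Python sketch rejoins the mail-wrapped records and groups the denials by those fields; the function names and the allow-style output format are choices made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of three AVC records and one SYSCALL record (shortened) from the log
# above, keeping the mail client's hard wraps, one of which falls inside { }.
SAMPLE = """\
type=AVC msg=audit(1181102914.825:46): avc:  denied  { sys_time } for
pid=3528 comm="ntpdate" capability=25
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability
type=SYSCALL msg=audit(1181102914.825:46): arch=40000003 syscall=124
success=yes exit=0 comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(1181102914.825:40): avc:  denied  { execute_no_trans
} for  pid=3528 comm="ntpd" name="ntpdate" dev=dm-0 ino=2733415
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntpdate_exec_t:s0 tclass=file
type=AVC msg=audit(1181102914.825:41): avc:  denied  { name_bind } for
pid=3528 comm="ntpdate" src=123 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:ntp_port_t:s0 tclass=udp_socket
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?\bscontext=(\S+)"
                    r".*?\btcontext=(\S+).*?\btclass=(\S+)")

def unwrap(text):
    """Rejoin wrapped records; every audit record starts with 'type='."""
    records = []
    for line in text.splitlines():
        if line.startswith("type=") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for rec in unwrap(text):
        m = AVC_RE.search(rec) if rec.startswith("type=AVC ") else None
        if m:
            perms, scon, tcon, tclass = m.groups()
            # An SELinux context is user:role:type[:level]; keep the type.
            key = (scon.split(":")[2], tcon.split(":")[2], tclass)
            rules[key].update(perms.split())
    return dict(rules)

def render(rules):
    """One allow-rule-style line per triple, for reading, not for loading."""
    return [f"allow {s} {'self' if t == s else t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```

Every source type in the summary is `dhcpc_t`, which is the detail worth reporting: the denials are logged against the DHCP client's domain rather than an ntp domain.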



