ntp

Jason Hooper jhooper at tlcontact.com
Thu Jun 17 14:03:12 UTC 2004


Yeah it seems like it should just work...yet it doesn't...wierd.   I have
two machines trying to sync ( well, three, but the third one works and is
not selinux )

I get this avc on both :

Machine1 :

Jan  3 02:11:03 doh1 kernel: audit(1041581463.810:0): avc:  denied  { write
} for  pid=1694 exe=/usr/sbin/ntpdate path=/ dev=hda3 ino=3367
scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t
tclass=chr_file

Machine2 :

Jun 17 06:11:33 doh2 kernel: audit(1087470693.719:0): avc:  denied  { write
} for  pid=2335 exe=/usr/sbin/ntpdate path=/ dev=hda2 ino=5060
scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t
tclass=chr_file

Machine2 has an ntpd.te file while machine1 does not.   Does that matter in
this case?  I can send it if its needed.

Thanks again for the help

..


-----Original Message-----
From: Russell Coker [mailto:russell at coker.com.au] 
Sent: Wednesday, June 16, 2004 10:01 PM
To: fedora-selinux-list at redhat.com
Cc: Jason Hooper
Subject: Re: ntp

On Thu, 17 Jun 2004 04:51, "Jason Hooper" <jhooper at tlcontact.com> wrote:
> could someone point me in the direction of getting ntp to work with
selinux
> on fedora C2?    does anyone have experience with this?   is it supposed
to
> just work with the default file_contexts?   any help is
> appreciated...thanks

For the typical operation (synchronising from a master server somewhere on
the
net) it is supposed to just work, it does for me.  I have a rawhide machine
running the strict SE Linux policy synchronising with an NTP server right
now, and I don't believe that FC2 differs from the current rawhide in any
significant way related to NTP.

Does ntpd support directly interfacing with GPS hardware or other accurate
time sources?  If so some extra policy will be needed to support this.

If you see any AVC messages related to ntpd then please post them to this
list.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




More information about the fedora-selinux-list mailing list