AVCs with ntpd
Daniel J Walsh
dwalsh at redhat.com
Mon Sep 20 12:45:19 UTC 2004
Felipe Alfaro Solana wrote:
> OK, so I'm trying SElinux after having it disabled for some time.
> That's what I did:
>
> 1. Installed selinux-policy-targeted-1.17.16-2
> 2. Recompiled the kernel with SElinux support
> 3. Booted into single user mode
> 4. Ran "fixfiles relabel"
> 5. Rebooted with "selinux=1"
>
> Now, I'm seeing a lot of these:
>
> audit(1095681913.039:0(: avc: denied { search } for pid=2515
> exe=/usr/sbin/ntpd dev=tmpfs ino=357 scontext=user_u:system_r:ntpd_t
> tcontext=user_u:object_r"tmpfs_t tclass=dir
>
> The problem here is that I'm using UDEV and that the initial ramdisk
> mounts a tmpfs on top of "/dev", thus, covering the labeled "/dev"
> that resides on disk.
>
> How should I fix this?
>
Try the policy available on people.redhat.com:~dwalsh/Fedora/
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list