suspend, ntpd and hald....

Tom London selinux at gmail.com
Sun Feb 19 17:01:46 UTC 2006 

Running latest rawhide, targeted/enforcing.

Testing the 'you don't need shutdown, suspend is just fine' item in
the System menu, I get this when I resume:

----
type=PATH msg=audit(02/19/2006 08:52:46.096:18) : item=1
flags=follow,open inode=1045689 dev=fd:00 mode=file,755 ouid=root
ogid=root rdev=00:00
type=PATH msg=audit(02/19/2006 08:52:46.096:18) : item=0
name=/usr/sbin/ntpdate flags=follow,open inode=5802372 dev=fd:00
mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(02/19/2006 08:52:46.096:18) :  cwd=/
type=AVC_PATH msg=audit(02/19/2006 08:52:46.096:18) :  path=/dev/null
type=SYSCALL msg=audit(02/19/2006 08:52:46.096:18) : arch=i386
syscall=execve success=yes exit=0 a0=9582458 a1=9583320 a2=95841b0
a3=9583838 items=2 pid=3169 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=ntpdate exe=/usr/sbin/ntpdate
type=AVC msg=audit(02/19/2006 08:52:46.096:18) : avc:  denied  { use }
for  pid=3169 comm=ntpdate name=null dev=tmpfs ino=1151
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fd
----
type=PATH msg=audit(02/19/2006 08:53:01.082:19) : item=1
flags=follow,open inode=1045689 dev=fd:00 mode=file,755 ouid=root
ogid=root rdev=00:00
type=PATH msg=audit(02/19/2006 08:53:01.082:19) : item=0
name=/usr/sbin/ntpd flags=follow,open inode=5791501 dev=fd:00
mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(02/19/2006 08:53:01.082:19) :  cwd=/
type=AVC_PATH msg=audit(02/19/2006 08:53:01.082:19) :  path=/dev/null
type=AVC_PATH msg=audit(02/19/2006 08:53:01.082:19) :  path=/dev/null
type=AVC_PATH msg=audit(02/19/2006 08:53:01.082:19) :  path=/dev/null
type=SYSCALL msg=audit(02/19/2006 08:53:01.082:19) : arch=i386
syscall=execve success=yes exit=0 a0=8a74750 a1=8a74a60 a2=8a74c88
a3=8a746b0 items=2 pid=3172 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=ntpd exe=/usr/sbin/ntpd
type=AVC msg=audit(02/19/2006 08:53:01.082:19) : avc:  denied  { use }
for  pid=3172 comm=ntpd name=null dev=tmpfs ino=1151
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fd
type=AVC msg=audit(02/19/2006 08:53:01.082:19) : avc:  denied  { use }
for  pid=3172 comm=ntpd name=null dev=tmpfs ino=1151
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fd
type=AVC msg=audit(02/19/2006 08:53:01.082:19) : avc:  denied  { use }
for  pid=3172 comm=ntpd name=null dev=tmpfs ino=1151
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fd

Not quite sure I understand this.... a file descriptor leak?

tom
--
Tom London

More information about the fedora-selinux-list mailing list