On Fri, 2006-06-30 at 22:58 -0500, Gene Heskett wrote: > Greetings; > > It appears that the last selinux update has killed ntpd, as shown from > my messages log: > > Jun 30 22:37:14 diablo ntpd[1936]: sendto(194.145.249.108): Invalid argument > Jun 30 22:38:01 diablo ntpd[1936]: sendto(194.102.249.64): Invalid argument > Jun 30 22:42:04 diablo ntpd[1936]: sendto(193.40.133.134): Invalid argument > > I have several pages of the above. > > So to get a clean restart, I did a restart, and this error was logged. > > Jun 30 22:52:34 diablo ntpd[1936]: ntpd exiting on signal 15 > Jun 30 22:52:35 diablo kernel: audit(1151725955.188:14): avc: denied { > read } for pid=23841 comm="ntpd" name=".fonts.cache-2" dev=hda5 > ino=11556042 scontext=root:system_r:ntpd_t:s0 > tcontext=root:object_r:user_home_t:s0 tclass=file This avc is about ntpd being refused access to a .fonts.cache-2 file in someone's home directory. Why it would be trying to access that I don't know, but it has no business doing so. > Jun 30 22:52:35 diablo ntpd[23842]: ntpd 4.2.0a@xxxxxxxx Thu May 11 > 09:19:35 EDT 2006 (1) > Jun 30 22:52:35 diablo ntpd[23842]: precision = 6.000 usec > Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard, > 0.0.0.0#123 > Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard, ::#123 > Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface lo, 127.0.0.1#123 > Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wlan0, > 192.168.1.105#123 > Jun 30 22:52:35 diablo ntpd[23842]: kernel time sync status 0040 > Jun 30 22:52:36 diablo ntpd[23842]: frequency initialized -14.140 PPM > from /var/lib/ntp/drift It would appears that the avc did not prevent the startup of ntpd in any case. > I assume something in yesterdays selinux update has done this, but I've > now forgotten the magic phrase to invoke from the cli to cause a fix. > > Can someone refresh my memory? Try switching to permissive mode and restart ntpd: # setenforce 0 # service ntpd restart If ntpd is still not working, the problem lies elsewhere than SELinux. Try re-enabling enforcing mode: # setenforce 1 This may or may not make a difference, depending on whether: 1. It was an SELinux issue in the first place, 2. It was a startup issue, or 3. It was a regular runtime issue. Paul. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list