Re: ntpd vs selinux

On Fri, 2006-06-30 at 22:58 -0500, Gene Heskett wrote:
> Greetings;
> 
> It appears that the last selinux update has killed ntpd, as shown from 
> my messages log:
> 
> Jun 30 22:37:14 diablo ntpd[1936]: sendto(194.145.249.108): Invalid argument
> Jun 30 22:38:01 diablo ntpd[1936]: sendto(194.102.249.64): Invalid argument
> Jun 30 22:42:04 diablo ntpd[1936]: sendto(193.40.133.134): Invalid argument
> 
> I have several pages of the above.
> 
> So to get a clean restart, I did a restart, and this error was logged.
> 
> Jun 30 22:52:34 diablo ntpd[1936]: ntpd exiting on signal 15
> Jun 30 22:52:35 diablo kernel: audit(1151725955.188:14): avc:  denied  { 
> read } for  pid=23841 comm="ntpd" name=".fonts.cache-2" dev=hda5 
> ino=11556042 scontext=root:system_r:ntpd_t:s0 
> tcontext=root:object_r:user_home_t:s0 tclass=file

This avc is about ntpd being refused access to a .fonts.cache-2 file in
someone's home directory. Why it would be trying to access that I don't
know, but it has no business doing so.

> Jun 30 22:52:35 diablo ntpd[23842]: ntpd 4.2.0a@xxxxxxxx Thu May 11 
> 09:19:35 EDT 2006 (1)
> Jun 30 22:52:35 diablo ntpd[23842]: precision = 6.000 usec
> Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard, 
> 0.0.0.0#123
> Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard, ::#123
> Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface lo, 127.0.0.1#123
> Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wlan0, 
> 192.168.1.105#123
> Jun 30 22:52:35 diablo ntpd[23842]: kernel time sync status 0040
> Jun 30 22:52:36 diablo ntpd[23842]: frequency initialized -14.140 PPM 
> from /var/lib/ntp/drift

It would appear that the avc did not prevent the startup of ntpd in any
case.

> I assume something in yesterday's selinux update has done this, but I've 
> now forgotten the magic phrase to invoke from the cli to cause a fix.
> 
> Can someone refresh my memory?

Try switching to permissive mode and restart ntpd:

# setenforce 0
# service ntpd restart

If ntpd is still not working, the problem lies elsewhere than SELinux.

Try re-enabling enforcing mode:

# setenforce 1

This may or may not make a difference, depending on whether:
1. It was an SELinux issue in the first place,
2. It was a startup issue, or
3. It was a regular runtime issue.

Paul.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
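
Added example, not part of the original message: a Python parser for the AVC denial quoted above, which separates that record from ntpd's own sendto errors so it is clear which log lines actually come from SELinux. The sample log is constructed from lines in the thread with the wrapped AVC record re-joined; the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the thread, AVC record re-joined onto one line.
SAMPLE_LOG = """\
Jun 30 22:37:14 diablo ntpd[1936]: sendto(194.145.249.108): Invalid argument
Jun 30 22:52:34 diablo ntpd[1936]: ntpd exiting on signal 15
Jun 30 22:52:35 diablo kernel: audit(1151725955.188:14): avc:  denied  { read } for  pid=23841 comm="ntpd" name=".fonts.cache-2" dev=hda5 ino=11556042 scontext=root:system_r:ntpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
Jun 30 22:52:35 diablo ntpd[23842]: precision = 6.000 usec
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _selinux_type(context):
    """Contexts are user:role:type[:level]; policy rules match on the type field."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc(line):
    """Return the fields of an AVC denial line as a dict, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = _selinux_type(rec.get("scontext", ""))
    rec["target_type"] = _selinux_type(rec.get("tcontext", ""))
    return rec


def triage(log, daemon):
    """Split the log into AVC denials for `daemon` and errors the daemon logged itself."""
    denials, daemon_errors = [], []
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("comm") == daemon:
            denials.append(rec)
        elif f" {daemon}[" in line and "Invalid argument" in line:
            daemon_errors.append(line)
    return denials, daemon_errors


if __name__ == "__main__":
    denials, errors = triage(SAMPLE_LOG, "ntpd")
    for d in denials:
        print(d["source_type"], d["perms"], d["target_type"], d["tclass"], d["name"])
    print(len(errors), "sendto error line(s) logged by ntpd itself")
```
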