Paul Howarth wrote:
On Fri, 2006-06-30 at 22:58 -0500, Gene Heskett wrote:
Greetings;
It appears that the last selinux update has killed ntpd, as shown from
my messages log:
Jun 30 22:37:14 diablo ntpd[1936]: sendto(194.145.249.108): Invalid argument
Jun 30 22:38:01 diablo ntpd[1936]: sendto(194.102.249.64): Invalid argument
Jun 30 22:42:04 diablo ntpd[1936]: sendto(193.40.133.134): Invalid argument
I have several pages of the above.
So to get a clean restart, I did a restart, and this error was logged.
Jun 30 22:52:34 diablo ntpd[1936]: ntpd exiting on signal 15
Jun 30 22:52:35 diablo kernel: audit(1151725955.188:14): avc: denied {
read } for pid=23841 comm="ntpd" name=".fonts.cache-2" dev=hda5
ino=11556042 scontext=root:system_r:ntpd_t:s0
tcontext=root:object_r:user_home_t:s0 tclass=file
This avc is about ntpd being refused access to a .fonts.cache-2 file in
someone's home directory. Why it would be trying to access that I don't
know, but it has no business doing so.
Jun 30 22:52:35 diablo ntpd[23842]: ntpd 4.2.0a@xxxxxxxx Thu May 11
09:19:35 EDT 2006 (1)
Jun 30 22:52:35 diablo ntpd[23842]: precision = 6.000 usec
Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard,
0.0.0.0#123
Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wildcard, ::#123
Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface lo, 127.0.0.1#123
Jun 30 22:52:35 diablo ntpd[23842]: Listening on interface wlan0,
192.168.1.105#123
Jun 30 22:52:35 diablo ntpd[23842]: kernel time sync status 0040
Jun 30 22:52:36 diablo ntpd[23842]: frequency initialized -14.140 PPM
from /var/lib/ntp/drift
It would appear that the avc did not prevent the startup of ntpd in any
case.
I assume something in yesterday's selinux update has done this, but I've
now forgotten the magic phrase to invoke from the cli to cause a fix.
Can someone refresh my memory?
Try switching to permissive mode and restart ntpd:
# setenforce 0
# service ntpd restart
If ntpd is still not working, the problem lies elsewhere than SELinux.
Try re-enabling enforcing mode:
# setenforce 1
This may or may not make a difference, depending on whether:
1. It was an SELinux issue in the first place,
2. It was a startup issue, or
3. It was a regular runtime issue.
Paul.
Whatever it was, Paul, it appears that the restart was sufficient to fix
it; those messages are no longer being logged. Shortly after that
snippet was pasted, I got this:
Jun 30 22:55:53 diablo ntpd[23842]: synchronized to LOCAL(0), stratum 10
Jun 30 22:55:53 diablo ntpd[23842]: kernel time sync disabled 0041
Jun 30 22:56:57 diablo ntpd[23842]: synchronized to 194.146.145.193,
stratum 2
Jun 30 23:02:18 diablo ntpd[23842]: kernel time sync enabled 0001
Jun 30 23:11:12 diablo kernel: audit(1151727072.318:15): avc: denied {
execmod } for pid=23946 comm="firefox-bin" name="libflashplayer.so"
dev=hda5 ino=11686771 scontext=root:system_r:unconfined_t:s0-s0:c0.c255
tcontext=root:object_r:user_home_t:s0 tclass=file
But as I'd fired up firefox to do my nightly tour, it did log the above
over the flashplayer lib. What's the fix there?
Thanks.
--
Cheers, Gene
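
The two AVC records quoted in this thread, parsed into source domain, target type, object class and permission, as an added example that is not part of the original posts. The function names are illustrative, and the sample is the thread's own log text embedded as constructed input, still wrapped the way the mail client wrapped it.

```python
import re

# Constructed sample: log lines copied from the thread, still wrapped the way
# the mail client wrapped them (one AVC record spans several lines).
SAMPLE = """\
Jun 30 22:52:35 diablo kernel: audit(1151725955.188:14): avc: denied {
read } for pid=23841 comm="ntpd" name=".fonts.cache-2" dev=hda5
ino=11556042 scontext=root:system_r:ntpd_t:s0
tcontext=root:object_r:user_home_t:s0 tclass=file
Jun 30 22:52:35 diablo ntpd[23842]: precision = 6.000 usec
Jun 30 23:11:12 diablo kernel: audit(1151727072.318:15): avc: denied {
execmod } for pid=23946 comm="firefox-bin" name="libflashplayer.so"
dev=hda5 ino=11686771 scontext=root:system_r:unconfined_t:s0-s0:c0.c255
tcontext=root:object_r:user_home_t:s0 tclass=file
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
AVC = re.compile(r"audit\(\d+\.\d+:(?P<serial>\d+)\): avc:\s+denied\s+"
                 r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Re-join continuation lines: a record starts at a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def context_type(context):
    """Type field of user:role:type:level; the MLS level may contain ':'."""
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else None

def parse_avc(record):
    """Return the denial as a dict, or None if the record is not an AVC denial."""
    m = AVC.search(record)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(m.group("fields"))}
    return {"serial": int(m.group("serial")), "perms": m.group("perms").split(),
            "comm": f.get("comm"), "name": f.get("name"), "tclass": f.get("tclass"),
            "source_type": context_type(f.get("scontext", "")),
            "target_type": context_type(f.get("tcontext", ""))}

def denials(text):
    return [d for d in map(parse_avc, unwrap(text)) if d]
```

Calling `denials(SAMPLE)` yields one record for ntpd (`ntpd_t` reading a `user_home_t` file) and one for firefox-bin (`unconfined_t` requesting `execmod` on a `user_home_t` file).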