RE: ntp

What if you set your system to permissive mode and see what ntpdate is
trying to do?

> ----------
> From:
> fedora-selinux-list-bounces@xxxxxxxxxx[SMTP:fedora-selinux-list-bounces@redhat.com] on behalf of Jason Hooper[SMTP:jhooper@xxxxxxxxxxxxx]
> Reply To: 	Fedora SELinux support list for users & developers.
> Sent: 	17 June 2004 16:03
> To: 	fedora-selinux-list@xxxxxxxxxx
> Subject: 	RE: ntp
> 
> Yeah it seems like it should just work...yet it doesn't...weird.   I have
> two machines trying to sync ( well, three, but the third one works and is
> not selinux )
> 
> I get this avc on both :
> 
> Machine1 :
> 
> Jan  3 02:11:03 doh1 kernel: audit(1041581463.810:0): avc:  denied  { write } for  pid=1694 exe=/usr/sbin/ntpdate path=/ dev=hda3 ino=3367 scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t tclass=chr_file
> 
> Machine2 :
> 
> Jun 17 06:11:33 doh2 kernel: audit(1087470693.719:0): avc:  denied  { write } for  pid=2335 exe=/usr/sbin/ntpdate path=/ dev=hda2 ino=5060 scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t tclass=chr_file
> 
> Machine2 has an ntpd.te file while machine1 does not.   Does that matter in
> this case?  I can send it if it's needed.
> 
> Thanks again for the help
> 
> ..
> 
> 
> -----Original Message-----
> From: Russell Coker [mailto:russell@xxxxxxxxxxxx] 
> Sent: Wednesday, June 16, 2004 10:01 PM
> To: fedora-selinux-list@xxxxxxxxxx
> Cc: Jason Hooper
> Subject: Re: ntp
> 
> On Thu, 17 Jun 2004 04:51, "Jason Hooper" <jhooper@xxxxxxxxxxxxx> wrote:
> > could someone point me in the direction of getting ntp to work with selinux
> > on fedora C2?    does anyone have experience with this?   is it supposed to
> > just work with the default file_contexts?   any help is
> > appreciated...thanks
> 
> For the typical operation (synchronising from a master server somewhere on the
> net) it is supposed to just work, it does for me.  I have a rawhide machine
> running the strict SE Linux policy synchronising with an NTP server right
> now, and I don't believe that FC2 differs from the current rawhide in any
> significant way related to NTP.
> 
> Does ntpd support directly interfacing with GPS hardware or other accurate
> time sources?  If so some extra policy will be needed to support this.
> 
> If you see any AVC messages related to ntpd then please post them to this
> list.
> 
> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 
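
Added example, not part of the original messages: a small Python parser for the kernel AVC line format quoted above, tolerant of the mail client's `> ` quoting and line wraps, that reduces each denial to the access being requested (source type, target type, class, permissions) in type-enforcement rule notation. The function and variable names are illustrative; the input is the two denials from this thread.

```python
import re
from collections import defaultdict

# The two denials from the thread, kept as the mail client wrapped and quoted them.
QUOTED_LOG = """\
> Jan  3 02:11:03 doh1 kernel: audit(1041581463.810:0): avc:  denied  {
> write
> } for  pid=1694 exe=/usr/sbin/ntpdate path=/ dev=hda3 ino=3367
> scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t
> tclass=chr_file
>
> Jun 17 06:11:33 doh2 kernel: audit(1087470693.719:0): avc:  denied  {
> write
> } for  pid=2335 exe=/usr/sbin/ntpdate path=/ dev=hda2 ino=5060
> scontext=root:system_r:ntpd_t tcontext=system_u:object_r:root_t
> tclass=chr_file
"""

# One denial: permission set in braces, then key=value fields ending at tclass.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?\btclass=\S+)")

def parse_denials(text):
    """Return one dict per AVC denial, tolerating '> ' quoting and line wraps."""
    flat = " ".join(re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines())
    out = []
    for m in AVC_RE.finditer(flat):
        rec = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
        src, tgt = rec.get("scontext", "").split(":"), rec.get("tcontext", "").split(":")
        if len(src) < 3 or len(tgt) < 3:
            continue  # malformed context (needs user:role:type); skip the record
        rec.update(perms=m.group(1).split(), source_type=src[2], target_type=tgt[2])
        out.append(rec)
    return out

def requested_access(text):
    """Collapse denials into TE-rule notation: what the domain asked for."""
    grouped = defaultdict(set)
    for d in parse_denials(text):
        grouped[(d["source_type"], d["target_type"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_s = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_s};")
    return rules

if __name__ == "__main__":
    for rule in requested_access(QUOTED_LOG):
        print(rule)
```

Both machines reduce to the same request, `allow ntpd_t root_t:chr_file write;`, which is the notation audit2allow uses; read it as a description of what ntpdate attempted, to compare against the loaded policy.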
