On Wed, 2007-04-18 at 09:19 -0600, Andrew Ziem wrote:
> Hi,
>
> 1. Should I be getting denied in permissive mode?
No.
> 2. How do I get ntpd working? (Also, smartd has the same problem, but
> they both used to work some months ago.)
>
> [root@z ~]# getsebool -a | grep exec
> allow_execheap --> on
> allow_execmem --> on
> allow_execmod --> on
> allow_execstack --> on
> allow_java_execstack --> off
> httpd_ssi_exec --> on
> httpd_suexec_disable_trans --> off
> [root@z ~]# getenforce
> Permissive
> [root@z ~]# /sbin/service ntpd start
> Starting ntpd: SELinux denied execmem.
Hmm...that's interesting. What is generating that message ("SELinux
denied execmem")? A SELinux denial only manifests as an audit message
(in /var/log/messages or /var/log/audit/audit.log) and as an error
return from the kernel (with errno EACCES, but not distinguished from
other potential reasons for permission denied there), so some userland
component is displaying that message for you, not SELinux itself.
I'd guess that the application or script is getting an error and
incorrectly assuming that it was SELinux that was the culprit, as
permissive mode shouldn't deny anything.
> [FAILED]
> [root@z ~]# cat /etc/fedora-release
> Fedora Core release 5 (Bordeaux)
> [root@z ~]# uname -a
> Linux z.localdomain 2.6.20-1.2312.fc5 #1 Tue Apr 10 15:09:44 EDT 2007
> i686 athlon i386 GNU/Linux
>
>
>
> Andrew
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
