Re: [fc3] ntpd issue with SELinux and dm

[Davide Rossetti <davide.rossetti@xxxxxxxxxxxxx>]

> > 17:28:54 connect(9, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 
> > 110) = -1 EACCES (Permission denied)
> > 17:28:54 close(9)                       = 0
> > 17:28:54 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> > 17:28:54 +++ killed by SIGSEGV +++
> >
> > the signal is async as I saw it fail in other points as well...
> >
> > in /var/log/messages I find:
> >
> > Apr 13 17:28:54 xeone ntpd[15458]: ntpd 4.2.0a@xxxxxxxx Mon Oct 11 
> > 09:10:20 EDT 2004 (1)
> > Apr 13 17:28:54 xeone ntpd[15458]: precision = 66.000 usec
> > Apr 13 17:28:54 xeone ntpd[15458]: Listening on interface wildcard, 
> > 0.0.0.0#123
> > Apr 13 17:28:54 xeone ntpd[15458]: Listening on interface wildcard, 
> > ::#123
> > Apr 13 17:28:54 xeone ntpd[15458]: Listening on interface lo, 
> > 127.0.0.1#123
> > Apr 13 17:28:54 xeone ntpd[15458]: Listening on interface eth0, 
> > 10.0.0.75#123
> > Apr 13 17:28:54 xeone ntpd[15458]: kernel time sync status 0040
> > Apr 13 17:28:54 xeone kernel: audit(1113406134.559:0): avc:  denied  
> > { write } for  pid=15458 exe=/usr/sbin/ntpd name=root dev=dm
> > -0 ino=1160993 scontext=root:system_r:ntpd_t 
> > tcontext=root:object_r:user_home_dir_t tclass=dir
> >
> > [root@xeone ~]# df
> > Filesystem           1K-blocks      Used Available Use% Mounted on
> > /dev/mapper/VolGroup00-LogVol00
> >                      15449552   2584572  12080188  18% /
> > /dev/sda1               256666     30601    212813  13% /boot
> > none                    515232         0    515232   0% /dev/shm
> >
> > file context of dm inodes are:
> >
> > [root@xeone ~]# ls -lZ /dev/dm*
> > brw-r-----  root     root     system_u:object_r:fixed_disk_device_t 
> > /dev/dm-0
> > brw-r-----  root     root     system_u:object_r:fixed_disk_device_t 
> > /dev/dm-1
> This is trying to write to a user_home_dir_t?
> What does
> ls -laZ /var/run/nscd
> show?
xeone DING! (65) apelink/driver>ls -lZa /var/run/nscd/
drwxr-xr-x  root     root     system_u:object_r:nscd_var_run_t ./
drwxr-xr-x  root     root     system_u:object_r:var_run_t      ../

but I do not run nscd:
xeone 13:00 (66) apelink/driver>chkconfig --list nscd
nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off