Just prior to the time change, I made sure that ntpd and my timezone files were properly set up. Since this time, I've noticed the following errors:

audit(1173310084.404:5): avc: denied { read } for pid=8634 comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662 scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t tclass=file

I've not successfully (so far) been able to find the selinux setting that is denying this access. I am running a reasonably standard (i.e. minimally customized) CentOS V4.4 system and have to believe there is a general change that should be made.

Has anyone else seen these errors?

Has anyone else resolved this issue and can describe how to resolve?

Brett

In article <a5f030530703200834we7ca190odf616bcc7b20d6a4 at mail.gmail.com>,
Brett Serkez <bserkez at gmail.com> wrote:
> Just prior to the time change, I made sure that ntpd and my timezone
> files were properly set up. Since this time, I've noticed the
> following errors:
>
> audit(1173310084.404:5): avc: denied { read } for pid=8634
> comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662
> scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t
> tclass=file
>
> I've not successfully (so far) been able to find the selinux setting
> that is denying this access. I am running a reasonably standard (i.e.
> minimally customized) CentOS V4.4 system and have to believe there is
> a general change that should be made.
>
> Has anyone else seen these errors?
>
> Has anyone else resolved this issue and can describe how to resolve?

Have you tried rebooting the system since you updated the timezone files? When I updated a system I found that running processes were still using the old information, and only new processes picked up the new.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org

On Tue, 20 Mar 2007, Brett Serkez wrote:
> Just prior to the time change, I made sure that ntpd and my timezone
> files were properly set up. Since this time, I've noticed the
> following errors:
>
> audit(1173310084.404:5): avc: denied { read } for pid=8634
> comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662
> scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t
> tclass=file
>
> I've not successfully (so far) been able to find the selinux setting
> that is denying this access. I am running a reasonably standard
> (i.e. minimally customized) CentOS V4.4 system and have to believe
> there is a general change that should be made.

I don't know why ntpd would need to read that particular samba file, but if you really want to know how to allow that operation...

First, ensure selinux-policy-targeted-sources package is installed. Then create and activate your policy mod (this is done off the top of my head -- test it first!):

  # get into place
  cd /etc/selinux/targeted/src/policy
  # edit/create local.te
  echo \
    "allow ntpd_t samba_var_t:file { read };" \
    >>domains/misc/local.te
  # reload it
  make reload

If you'd rather just get rid of the warnings without allowing ntpd access to samba's /var files, then try the dontaudit macro in your local.te file instead:

  dontaudit ntpd_t samba_var_t:file { read };

--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com