On Wed, 2007-04-18 at 09:19 -0600, Andrew Ziem wrote:
Hi,
1. Should I be getting denied in permissive mode?
No.
2. How do I get ntpd working? (Also, smartd has the same problem,
but
they both used to work some months ago.)
[root@z ~]# getsebool -a | grep exec
allow_execheap --> on
allow_execmem --> on
allow_execmod --> on
allow_execstack --> on
allow_java_execstack --> off
httpd_ssi_exec --> on
httpd_suexec_disable_trans --> off
[root@z ~]# getenforce
Permissive
[root@z ~]# /sbin/service ntpd start
Starting ntpd: SELinux denied execmem.
Hmm...that's interesting. What is generating that message ("SELinux
denied execmem")? A SELinux denial only manifests as an audit message
(in /var/log/messages or /var/log/audit/audit.log) and as an error
return from the kernel (with errno EACCES, but not distinguished from
other potential reasons for permission denied there), so some userland
component is displaying that message for you, not SELinux itself.
I'd guess that the application or script is getting an error and
incorrectly assuming that it was SELinux that was the culprit, as
permissive mode shouldn't deny anything.
[FAILED]
[root@z ~]# cat /etc/fedora-release
Fedora Core release 5 (Bordeaux)
[root@z ~]# uname -a
Linux z.localdomain 2.6.20-1.2312.fc5 #1 Tue Apr 10 15:09:44 EDT 2007
i686 athlon i386 GNU/Linux
Andrew
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list --
Stephen Smalley
National Security Agency