AVCs with ntpd

Stephen Smalley sds at epoch.ncsc.mil
Mon Sep 20 13:02:23 UTC 2004


On Mon, 2004-09-20 at 08:18, Felipe Alfaro Solana wrote:
> 2. Recompiled the kernel with SElinux support

The Fedora kernel SRPM or a kernel.org kernel?

> audit(1095681913.039:0): avc: denied  { search } for  pid=2515 
> exe=/usr/sbin/ntpd dev=tmpfs ino=357 scontext=user_u:system_r:ntpd_t 
> tcontext=user_u:object_r:tmpfs_t tclass=dir
> 
> The problem here is that I'm using UDEV and that the initial ramdisk 
> mounts a tmpfs on top of "/dev", thus, covering the labeled "/dev" that 
> resides on disk.
> 
> How should I fix this?

This works fine on my rawhide systems, but I am using the Fedora kernel,
and it includes a patch to add xattr support to tmpfs so that udev can
label the tmpfs inodes with the correct security context.  The tmpfs
xattr support is not yet in the mainline kernel, but should be soon.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
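As an added diagnostic example (not part of this thread or of any SELinux tool), a small Python parser for AVC lines in the format quoted above that flags denials whose target is a tmpfs object still carrying the generic tmpfs_t label, which is what you see when /dev is a tmpfs the kernel cannot relabel through xattrs. The sample lines are constructed.

```python
import re

# Constructed sample AVC lines in the 2004-era "audit(...)" format seen in
# this thread; the second one is made up to show a non-tmpfs denial.
SAMPLE_AVCS = [
    "audit(1095681913.039:0): avc: denied  { search } for  pid=2515 "
    "exe=/usr/sbin/ntpd dev=tmpfs ino=357 scontext=user_u:system_r:ntpd_t "
    "tcontext=user_u:object_r:tmpfs_t tclass=dir",
    "audit(1095681913.040:0): avc: denied  { read } for  pid=2515 "
    "exe=/usr/sbin/ntpd name=ntp.conf dev=hda3 ino=12345 "
    "scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:etc_t tclass=file",
]

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}"
    r"\s+for\s+(?P<fields>.*)"
)


def parse_avc(line):
    """Return a dict of the AVC's result, permissions and key=value fields,
    or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, val in re.findall(r"(\w+)=(\S+)", m.group("fields")):
        rec[key] = val
    # Split user:role:type contexts so callers can match on the type alone.
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            parts = rec[ctx].split(":")
            rec[ctx + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def is_unlabeled_tmpfs_dev(rec):
    """True for a denial on a tmpfs object still labelled tmpfs_t: the
    signature of a /dev tmpfs udev could not relabel (no tmpfs xattrs)."""
    return (
        rec is not None
        and rec["result"] == "denied"
        and rec.get("dev") == "tmpfs"
        and rec.get("tcontext_type") == "tmpfs_t"
    )


def find_unlabeled_tmpfs_denials(lines):
    """Filter a list of log lines down to the tmpfs-labelling denials."""
    return [r for r in map(parse_avc, lines) if is_unlabeled_tmpfs_dev(r)]
```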