SELinux messages - useful?

Thu Sep 23 04:14:42 UTC 2004

Hey All,

My system has been upgraded from Fedora Core 1 through the various devel
releases, and finally to rawhide recently.

I'm aware SELinux policies are under development, are output messages
appropriate for this list?

I've been getting messages at startup from ntp at startup for quite a
while now, and haven't seen a change over several selinux policy
updates. (selinux=targeted)

Running ntpdate give the following syslog messages:

Sep 23 11:58:01 coeus kernel: audit(1095911881.237:0): avc:  denied
{ search } for  pid=11758 exe=/usr/sbin/ntpdate dev=hda3 ino=2
scontext=root:system_r:ntpd_t tcontext=system_u:object_r:file_t
tclass=dir
Sep 23 11:58:01 coeus kernel: audit(1095911881.238:0): avc:  denied
{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=ld.so.cache dev=hda3
ino=1622140 scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t
tclass=file
Sep 23 11:58:01 coeus kernel: audit(1095911881.238:0): avc:  denied
{ getattr } for  pid=11758 exe=/usr/sbin/ntpdate path=/etc/ld.so.cache
dev=hda3 ino=1622140 scontext=root:system_r:ntpd_t
tcontext=root:object_r:file_t tclass=file
Sep 23 11:58:01 coeus kernel: audit(1095911881.285:0): avc:  denied
{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=libcap.so.1 dev=hda3
ino=2867274 scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t
tclass=lnk_file
Sep 23 11:58:01 coeus kernel: audit(1095911881.298:0): avc:  denied
{ execute } for  pid=11758 path=/lib/libcap.so.1.10 dev=hda3 ino=2867230
scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t tclass=file
Sep 23 11:58:01 coeus kernel: audit(1095911881.300:0): avc:  denied
{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=localtime dev=hda3
ino=229407 scontext=root:system_r:ntpd_t
tcontext=system_u:object_r:file_t tclass=file
Sep 23 11:58:01 coeus kernel: audit(1095911881.300:0): avc:  denied
{ getattr } for  pid=11758 exe=/usr/sbin/ntpdate path=/etc/localtime
dev=hda3 ino=229407 scontext=root:system_r:ntpd_t
tcontext=system_u:object_r:file_t tclass=file
Sep 23 11:58:05 coeus kernel: audit(1095911885.649:0): avc:  denied
{ read } for  pid=11759 exe=/usr/sbin/ntpdate name=resolv.conf dev=hda3
ino=229433 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t
tclass=file
Sep 23 11:58:05 coeus kernel: audit(1095911885.650:0): avc:  denied
{ getattr } for  pid=11759 exe=/usr/sbin/ntpdate path=/etc/resolv.conf
dev=hda3 ino=229433 scontext=root:system_r:ntpd_t
tcontext=user_u:object_r:file_t tclass=file

Which look different from bug id 132574 - the only thing I could find
with SELinux and ntp.

Is this a problem with policy, pebcak or a product of the upgrade?

Thanks

Carl Gherardi

PS:
My usb thumbdrives report
Sep 23 07:42:28 coeus kernel: SCSI device sda: 499712 512-byte hdwr
sectors (256 MB)
Sep 23 07:42:28 coeus kernel: sda: Write Protect is off
Sep 23 07:42:28 coeus kernel: sda: assuming drive cache: write through
Sep 23 07:42:29 coeus kernel:  sda: sda1
Sep 23 07:42:29 coeus kernel: Attached scsi removable disk sda at scsi0,
channel 0, id 0, lun 0

No device is created in /dev - udev? rtm?

Carl

--

--
This email is confidential and intended solely for the use of the individual to whom it is addressed.  
Any views or opinions presented are solely those of the author and do not necessarily represent those of NAUTRONIX LTD.

If you are not the intended recipient, you have received this email in error and use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.  If you have received this email in error please contact the sender.   

Although our computer systems use active virus protection software, and we take various measures to reduce the risk of viruses being transmitted in e-mail messages and attachments sent from this company, we cannot guarantee that such e-mail messages and attachments are free from viruses on receipt.  It is a condition of our using e-mail to correspond with you, that any and all liability on our part arising directly or indirectly out of any virus is excluded.  Please ensure that you run virus checking software on all e-mail messages and attachments before reading them.