SELinux messages - useful?

Daniel J Walsh dwalsh at redhat.com
Thu Sep 23 15:36:57 UTC 2004 

Carl Gherardi wrote:

>Hey All,
>
>My system has been upgraded from Fedora Core 1 through the various devel
>releases, and finally to rawhide recently.
>
>I'm aware SELinux policies are under development, are output messages
>appropriate for this list?
>
>I've been getting messages at startup from ntp at startup for quite a
>while now, and haven't seen a change over several selinux policy
>updates. (selinux=targeted)
>
>Running ntpdate give the following syslog messages:
>
>Sep 23 11:58:01 coeus kernel: audit(1095911881.237:0): avc:  denied
>{ search } for  pid=11758 exe=/usr/sbin/ntpdate dev=hda3 ino=2
>scontext=root:system_r:ntpd_t tcontext=system_u:object_r:file_t
>tclass=dir
>Sep 23 11:58:01 coeus kernel: audit(1095911881.238:0): avc:  denied
>{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=ld.so.cache dev=hda3
>ino=1622140 scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t
>tclass=file
>Sep 23 11:58:01 coeus kernel: audit(1095911881.238:0): avc:  denied
>{ getattr } for  pid=11758 exe=/usr/sbin/ntpdate path=/etc/ld.so.cache
>dev=hda3 ino=1622140 scontext=root:system_r:ntpd_t
>tcontext=root:object_r:file_t tclass=file
>Sep 23 11:58:01 coeus kernel: audit(1095911881.285:0): avc:  denied
>{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=libcap.so.1 dev=hda3
>ino=2867274 scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t
>tclass=lnk_file
>Sep 23 11:58:01 coeus kernel: audit(1095911881.298:0): avc:  denied
>{ execute } for  pid=11758 path=/lib/libcap.so.1.10 dev=hda3 ino=2867230
>scontext=root:system_r:ntpd_t tcontext=root:object_r:file_t tclass=file
>Sep 23 11:58:01 coeus kernel: audit(1095911881.300:0): avc:  denied
>{ read } for  pid=11758 exe=/usr/sbin/ntpdate name=localtime dev=hda3
>ino=229407 scontext=root:system_r:ntpd_t
>tcontext=system_u:object_r:file_t tclass=file
>Sep 23 11:58:01 coeus kernel: audit(1095911881.300:0): avc:  denied
>{ getattr } for  pid=11758 exe=/usr/sbin/ntpdate path=/etc/localtime
>dev=hda3 ino=229407 scontext=root:system_r:ntpd_t
>tcontext=system_u:object_r:file_t tclass=file
>Sep 23 11:58:05 coeus kernel: audit(1095911885.649:0): avc:  denied
>{ read } for  pid=11759 exe=/usr/sbin/ntpdate name=resolv.conf dev=hda3
>ino=229433 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t
>tclass=file
>Sep 23 11:58:05 coeus kernel: audit(1095911885.650:0): avc:  denied
>{ getattr } for  pid=11759 exe=/usr/sbin/ntpdate path=/etc/resolv.conf
>dev=hda3 ino=229433 scontext=root:system_r:ntpd_t
>tcontext=user_u:object_r:file_t tclass=file
>
>Which look different from bug id 132574 - the only thing I could find
>with SELinux and ntp.
>
>Is this a problem with policy, pebcak or a product of the upgrade?
>
>Thanks
>
>Carl Gherardi
>
>PS:
>My usb thumbdrives report
>Sep 23 07:42:28 coeus kernel: SCSI device sda: 499712 512-byte hdwr
>sectors (256 MB)
>Sep 23 07:42:28 coeus kernel: sda: Write Protect is off
>Sep 23 07:42:28 coeus kernel: sda: assuming drive cache: write through
>Sep 23 07:42:29 coeus kernel:  sda: sda1
>Sep 23 07:42:29 coeus kernel: Attached scsi removable disk sda at scsi0,
>channel 0, id 0, lun 0
>
>No device is created in /dev - udev? rtm?
>
>Carl
>
>--
>
>--
>This email is confidential and intended solely for the use of the individual to whom it is addressed.  
>Any views or opinions presented are solely those of the author and do not necessarily represent those of NAUTRONIX LTD.
>
>If you are not the intended recipient, you have received this email in error and use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.  If you have received this email in error please contact the sender.   
>
>Although our computer systems use active virus protection software, and we take various measures to reduce the risk of viruses being transmitted in e-mail messages and attachments sent from this company, we cannot guarantee that such e-mail messages and attachments are free from viruses on receipt.  It is a condition of our using e-mail to correspond with you, that any and all liability on our part arising directly or indirectly out of any virus is excluded.  Please ensure that you run virus checking software on all e-mail messages and attachments before reading them.
>
>
>  
>
Looks like you need a relabel.

More information about the test mailing list