avc for gpsd and ntpd use of shm
Skunk Worx
skunkworx at verizon.net
Fri Mar 18 14:11:35 UTC 2011
Sup,
I am using EPEL 6 and a garmin 18 LVC on a serial port with gpsd. I am
fairly new to the selinux environment.
ntpd is supposed to be able to access a couple of shm locations to get
time from the gps daemon.
In /var/log/messages I see:
Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 0): Permission denied
Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.0 failed
Mar 18 00:10:11 localhost ntpd[8899]: SHM shmget (unit 1): Permission denied
Mar 18 00:10:11 localhost ntpd[8899]: configuration of 127.127.28.1 failed
Also AVC messages:
type=SYSCALL msg=audit(1300431471.964:16749): arch=40000003 syscall=117 success=no exit=-13 a0=17 a1=4e545031 a2=50 a3=3c0 items=0 ppid=1 pid=8795 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1300432211.929:16768): avc: denied { unix_read unix_write } for pid=8899 comm="ntpd" key=1314148400 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
type=SYSCALL msg=audit(1300432211.929:16768): arch=40000003 syscall=117 success=no exit=-13 a0=17 a1=4e545030 a2=50 a3=3c0 items=0 ppid=1 pid=8899 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1300432211.930:16769): avc: denied { unix_read unix_write } for pid=8899 comm="ntpd" key=1314148401 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
Here's some direction from audit2allow:
# grep ntpd /var/log/audit/audit.log | audit2allow
#============= ntpd_t ==============
allow ntpd_t unconfined_t:shm { unix_read unix_write };
Should I use audit2allow and create a policy package to fix this or is
there a better way?
Thanks,
John
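The AVC records above carry more than the allow rule audit2allow prints. The source type is ntpd_t, the class is shm, and the target type is unconfined_t, which means the two segments were created by a process running unconfined, not by a confined gpsd domain. The key values are also readable: 1314148400 is 0x4E545030, the bytes "NTP0", and 1314148401 is "NTP1", matching a1=4e545030 and a1=4e545031 in the SYSCALL records (ntpd's SHM refclock uses key 0x4E545030 plus the unit number from 127.127.28.N). The script below is an added example, not part of John's post or of audit2allow; it parses AVC lines, decodes the SysV keys, and rebuilds the same allow rule audit2allow derives, so the target label can be checked before a rule granting access to any unconfined_t segment is loaded. The sample log is the post's two AVC records rejoined onto single lines; the function names are this example's own.

```python
import re

# Constructed sample input: the two AVC records from the post, each rejoined
# onto one line (the mail client wrapped them).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1300432211.929:16768): avc: denied { unix_read unix_write } for pid=8899 comm="ntpd" key=1314148400 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
type=AVC msg=audit(1300432211.930:16769): avc: denied { unix_read unix_write } for pid=8899 comm="ntpd" key=1314148401 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
"""

# ntpd's SHM refclock (driver 28, address 127.127.28.N) attaches the segment
# with key 0x4E545030 + N, i.e. the ASCII bytes "NTP0", "NTP1", ...
NTP_SHM_KEY_BASE = 0x4E545030

AVC_RE = re.compile(
    r'type=AVC\b.*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC 'denied' record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'perms': tuple(m.group('perms').split()),
        'comm': fields.get('comm'),
        'pid': int(fields['pid']) if 'pid' in fields else None,
        'key': int(fields['key']) if 'key' in fields else None,
        # A context is user:role:type[:range]; policy rules name the type.
        'stype': fields['scontext'].split(':')[2],
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }


def shm_key_to_ascii(key):
    """Render a 32-bit SysV IPC key as its four big-endian bytes if all are printable."""
    raw = (key & 0xFFFFFFFF).to_bytes(4, 'big')
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode('ascii')
    return None


def ntp_shm_unit(key):
    """Map an ntpd SHM refclock key back to its unit number, or None if out of range."""
    unit = key - NTP_SHM_KEY_BASE
    return unit if 0 <= unit < 256 else None


def allow_rules(records):
    """Collapse denials into one allow rule per (source, target, class), as audit2allow does."""
    grouped = {}
    for r in records:
        if r is None:
            continue
        grouped.setdefault((r['stype'], r['ttype'], r['tclass']), set()).update(r['perms'])
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(perms)))
            for (s, t, c), perms in sorted(grouped.items())]


def analyze(log_text):
    """Decode every shm denial (segment name, ntpd unit, owner type) and the resulting rules."""
    denials = [r for r in (parse_avc(l) for l in log_text.splitlines()) if r is not None]
    return {
        'segments': [(shm_key_to_ascii(r['key']), ntp_shm_unit(r['key']), r['ttype'])
                     for r in denials if r['tclass'] == 'shm' and r['key'] is not None],
        'rules': allow_rules(denials),
    }


if __name__ == '__main__':
    result = analyze(SAMPLE_AUDIT_LOG)
    for name, unit, owner in result['segments']:
        print('segment %s (ntpd unit %s) is labelled %s' % (name, unit, owner))
    for rule in result['rules']:
        print(rule)
```

Run against the post's records it reports that segments NTP0 and NTP1 are labelled unconfined_t and emits the same `allow ntpd_t unconfined_t:shm { unix_read unix_write };` line that audit2allow printed. Because that rule is keyed on the target type rather than on a specific segment, it lets ntpd_t read and write any shm segment an unconfined process creates; the owner label reported for each segment is what tells you whether that is the scope you intend.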