[CentOS] selinux ntp samba error message

Tue Mar 20 16:33:19 UTC 2007
Paul Heinlein <heinlein at madboa.com>

On Tue, 20 Mar 2007, Brett Serkez wrote:

> Just prior to the time change, I made sure that ntpd and my timezone 
> files were properly setup.  Since this time, I've noticed the 
> following errors:
> audit(1173310084.404:5): avc:  denied  { read } for  pid=8634
> comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662
> scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t
> tclass=file
> I've not successfully (so far) been able to find the selinux setting 
> that is denying this access.  I am running a reasonably standard 
> (i.e. minimally customized) CentOS V4.4 system and have to believe 
> there is a general change that should be made.

I don't know why ntpd would need to read that particular samba file, 
but if you really want to know how to allow that operation...

First, ensure selinux-policy-targeted-sources package is installed. 
Then create and activate your policy mod (this is done off the top of 
my head -- test it first!):

   # get into place
   cd /etc/selinux/targeted/src/policy
   # append the rule to local.te (the file is created if it does not exist)
   echo "allow ntpd_t samba_var_t:file { read };" >> local.te
   # rebuild and reload the policy
   make reload

If you'd rather just get rid of the warnings without allowing ntpd 
access to samba's /var files, then try the dontaudit macro in your 
local.te file instead:

   dontaudit ntpd_t samba_var_t:file { read };

Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
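The allow line above can be derived mechanically from the AVC message itself. The following Python is an added example, not code from the thread: it parses AVC denial lines into allow or dontaudit statements and merges permissions for the same source type, target type and class, which is roughly what audit2allow from policycoreutils does. The sample audit text is constructed; its first line is the one quoted in the thread.

```python
import re

# Constructed sample audit output. Line 1 is the denial quoted in the thread,
# line 2 is a second denial for the same pair with an extra permission, and
# line 3 is a "granted" record that must be ignored.
SAMPLE_AUDIT = """\
audit(1173310084.404:5): avc:  denied  { read } for  pid=8634 comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662 scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t tclass=file
audit(1173310090.120:6): avc:  denied  { read write } for  pid=8634 comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662 scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t tclass=file
audit(1173310095.001:7): avc:  granted  { read } for  pid=100 comm="sshd" name="sshd_config" dev=md1 ino=1 scontext=root:system_r:sshd_t tcontext=root:object_r:etc_t tclass=file
"""

# Matches only "denied" records and captures the permission set, the two
# security contexts and the object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)


def _type_of(context):
    # A context is user:role:type, optionally followed by an MLS level on
    # policies newer than the one in the thread; the type is always field 3.
    return context.split(':')[2]


def parse_denials(text):
    """Yield (source_type, target_type, tclass, perms) per AVC denial line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        yield (_type_of(m.group('scon')), _type_of(m.group('tcon')),
               m.group('tclass'), set(m.group('perms').split()))


def build_rules(text, verb='allow'):
    """Return one policy statement per (source, target, class) triple.

    verb is 'allow' to permit the access or 'dontaudit' to silence the
    message without granting anything, as suggested in the thread.
    """
    merged = {}
    for stype, ttype, tclass, perms in parse_denials(text):
        merged.setdefault((stype, ttype, tclass), set()).update(perms)
    return [f"{verb} {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]


if __name__ == '__main__':
    for rule in build_rules(SAMPLE_AUDIT):
        print(rule)
```

Review the generated statements before loading them: a denial only shows what the process tried, not whether that access should be permitted.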