On Tue, 20 Mar 2007, Brett Serkez wrote:

> Just prior to the time change, I made sure that ntpd and my timezone
> files were properly set up.  Since this time, I've noticed the
> following errors:
>
> audit(1173310084.404:5): avc:  denied  { read } for  pid=8634
> comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662
> scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t
> tclass=file
>
> I've not successfully (so far) been able to find the selinux setting
> that is denying this access.  I am running a reasonably standard
> (i.e. minimally customized) CentOS V4.4 system and have to believe
> there is a general change that should be made.

I don't know why ntpd would need to read that particular samba file,
but if you really want to know how to allow that operation...

First, ensure selinux-policy-targeted-sources package is installed.

Then create and activate your policy mod (this is done off the top of
my head -- test it first!):

   # get into place
   cd /etc/selinux/targeted/src/policy
   # edit/create local.te
   echo \
     "allow ntpd_t samba_var_t:file { read };" \
     >>domains/misc/local.te
   # reload it
   make reload

If you'd rather just get rid of the warnings without allowing ntpd
access to samba's /var files, then try the dontaudit macro in your
local.te file instead:

   dontaudit ntpd_t samba_var_t:file { read };

-- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com