"Chuck R. Anderson" cra@WPI.EDU writes:
| On Sun, Mar 06, 2005 at 07:03:26PM +0100, Lars Gullik Bjønnes wrote:
I have the drift file in /var/lib/ntp/drift, but I get selinux errors for drift.TEMP:
Mar 6 18:51:26 slabber ntpd[26387]: can't open /var/lib/ntp/drift.TEMP: Permission denied
Mar 6 18:51:26 slabber kernel: audit(1110131486.894:0): avc: denied { dac_override } for pid=26387 exe=/usr/sbin/ntpd capability=1 scontext=root:system_r:ntpd_t tcontext=root:system_r:ntpd_t tclass=capability
This is an updated FC3 system.
| What are the DAC unix permissions bits and owner/group on the file?
Of the directory you mean? It is creating the file in the first place that fails.
ls -la /var/lib/ntp/
total 24
drwxr-xr-x 2 ntp ntp 4096 Mar 6 22:20 .
drwxr-xr-x 14 root root 4096 Feb 22 17:38 ..
-rw-r--r-- 1 ntp ntp 7 Mar 6 22:20 drift
| I am no expert in SELinux, but that AVC sounds to me like the standard
| unix permissions are disallowing access to the file.
From /etc/selinux/targeted/contexts/file_contexts it seems this should
be allowed. But I am not familiar with the format:
grep -nr drift *
files/file_contexts.pre:676:/var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
files/file_contexts.pre:677:/etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
files/file_contexts:676:/var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
files/file_contexts:677:/etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
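
An added example, not part of the original message: a small Python parser for the two formats quoted above, the AVC record and the file_contexts entries. The function names are made up for illustration, and the last-match-wins lookup in label_for is an assumed simplification of the real matching order.

```python
import re

# The AVC record and file_contexts entries quoted in the message above.
AVC = ("audit(1110131486.894:0): avc: denied { dac_override } for pid=26387 "
       "exe=/usr/sbin/ntpd capability=1 scontext=root:system_r:ntpd_t "
       "tcontext=root:system_r:ntpd_t tclass=capability")
FILE_CONTEXTS = """\
/var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
/etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
"""

def parse_avc(line):
    """Split an AVC record into result, permission list and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    rec.update(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return rec

def denial_kind(rec):
    """Say what was refused: a privilege of the process, or access to a labelled object."""
    if rec.get("tclass") == "capability":
        # e.g. dac_override: the process tried to bypass ordinary Unix
        # permission bits; no file label is involved in this check.
        return "process-capability"
    if rec.get("tclass") in {"file", "dir", "lnk_file", "sock_file", "fifo_file"}:
        return "object-label"
    return "other"

def label_for(path, contexts):
    """Context of the last entry whose anchored regex matches path, else None."""
    found = None
    for line in contexts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Entry layout: regex, optional file-type flag (e.g. --), context.
        if re.fullmatch(fields[0], path):
            found = fields[-1]
    return found

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec["perms"], rec["tclass"], "->", denial_kind(rec))
    print(label_for("/var/lib/ntp/drift.TEMP", FILE_CONTEXTS))
```

For the record quoted above the parser reports a capability-class denial, while the file_contexts lookup shows drift.TEMP would fall under the same ntp_drift_t entry as the drift file itself.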