NTPD and SELINUX problem

TheEngineer · 03-16-2009, 11:36 AM

Hi.

I'm using RHEL4.x and I've been getting the following error in the /var/log/messages file for a few months or so now and don't know how to resolve the problem.

The error is:

Code:

Mar 16 16:19:19 localhost kernel: audit(1237220359.753:320): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.753:321): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.753:322): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.754:323): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.754:324): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.754:325): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.754:326): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.754:327): avc:  denied  { search } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.755:328): avc:  denied  { getattr } for  pid=8151 comm="ntpd" name="lib" dev=hdb6 ino=1177345 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.755:329): avc:  denied  { search } for  pid=8151 comm="ntpd" name="tls" dev=hdb6 ino=1444400 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.755:330): avc:  denied  { search } for  pid=8151 comm="ntpd" name="tls" dev=hdb6 ino=1444400 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.755:331): avc:  denied  { search } for  pid=8151 comm="ntpd" name="tls" dev=hdb6 ino=1444400 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost kernel: audit(1237220359.755:332): avc:  denied  { getattr } for  pid=8151 comm="ntpd" name="tls" dev=hdb6 ino=1444400 scontext=root:system_r:ntpd_t tcontext=user_u:object_r:file_t tclass=dir
Mar 16 16:19:19 localhost ntpd: ntpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory
Mar 16 16:19:19 localhost ntpd: ntpd startup failed

Has anyone had similar problems and managed to sort it out ??

Thanking you in advance.

******* · 03-16-2009, 12:23 PM

SE Linux Access Vector Cache messages can be dealt with piping them through audit2allow and using the resultant rules to adjust your local policy with.

TheEngineer · 03-17-2009, 06:08 AM

Thanks for the reply.

Before I was going to attempt to use the "audit2allow" command, I decided to try one last thing and managed to sort the problem out by running "system-config-securitylevel" then clicking on the "SELinux" tab and ticking the "Relabel on next reboot" box. When I rebooted, it took a couple of minutes to relabel and then the NTP daemon ran normally...

I did try to use the "restorecon" command several times before but had no luck with it...