Sid Boyce wrote:
Hans Witvliet wrote:
Sid Boyce wrote:
type=APPARMOR msg=audit(1159712726.582:6): REJECTING r access to /proc/net/if_inet6 (ntpd(3687) profile /usr/sbin/ntpd active /usr/sbin/ntpd) type=APPARMOR msg=audit(1159713575.608:7): REJECTING m access to /etc/ld.so.cache (netstat(4724) profile /bin/netstat active /bin/netstat) type=APPARMOR msg=audit(1159755718.633:8): REJECTING m access to /etc/ld.so.cache (netstat(801) profile /bin/netstat active /bin/netstat) type=APPARMOR msg=audit(1159802849.507:9): REJECTING m access to /etc/ld.so.cache (netstat(6917) profile /bin/netstat active /bin/netstat)
OK, I'm running a vanilla kernel without apparmor, selinux enabled and the apparmor panel says apparmor is disabled, so it's puzzling. At one stage I did look around for apparmor patches, but none could be found.
Hi Sid,
It may be nothing, but you wrote that you have selinux ENabled. Same behaviour when you disable it?
Hans
At the moment it is not configured, but from .config CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT is not set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=19
I can build a kernel with it disabled to see if it's a problem. Before 10.1-GM there was never a problem and there is no problem with SUSE kernels. Grub menu.list does not have "selinux=". Regards Sid.
Strange, I just checked the Athlon 64x2 box with 10.1 installed, kernel 2.6.18-git20-smp, no selinux compiled in and ntp keeps the time rock solid. Athlon64 laptop with 2.6.19-rc1-git4 currently but that also went through 2.6.18/2.6.18-git series, this Athlon XP3200+ (32-bit) at 2.6.19-rc2 (no selinux) which also went through the 2.6.18/2.6.18-git series, both experiencing significant clock drift. The 64x2 box has reference in audit.log to postfix apparmor rejects, but no ntp reject errors. xntp-4.20a-70.4 on the 10.1 x86_64 boxes and xntp-4.2.2p2-4 (upgraded) on the 10.2Alpha4 32-bit box. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org