Mailinglist Archive: opensuse-factory (592 mails)

< Previous Next >
Re: [opensuse-factory] ntp problems
  • From: Sid Boyce <sboyce@xxxxxxxxxxxxxxxx>
  • Date: Sun, 15 Oct 2006 17:11:55 +0100
  • Message-id: <45325DCB.6050700@xxxxxxxxxxxxxxxx>
Sid Boyce wrote:
Hans Witvliet wrote:
Sid Boyce wrote:

type=APPARMOR msg=audit(1159712726.582:6): REJECTING r access to
/proc/net/if_inet6 (ntpd(3687) profile /usr/sbin/ntpd active
/usr/sbin/ntpd) type=APPARMOR msg=audit(1159713575.608:7): REJECTING m
access to /etc/ld.so.cache (netstat(4724) profile /bin/netstat active
/bin/netstat) type=APPARMOR msg=audit(1159755718.633:8): REJECTING m
access to /etc/ld.so.cache (netstat(801) profile /bin/netstat active
/bin/netstat) type=APPARMOR msg=audit(1159802849.507:9): REJECTING m
access to /etc/ld.so.cache (netstat(6917) profile /bin/netstat active
/bin/netstat)

OK, I'm running a vanilla kernel without apparmor, selinux enabled and
the apparmor panel says apparmor is disabled, so it's puzzling. At one
stage I did look around for apparmor patches, but none could be found.

Hi Sid,

It may be nothing, but you wrote that you have selinux ENabled.
Same behaviour when you disable it?

Hans

At the moment it is not configured, but from .config
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT is not set
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=19

I can build a kernel with it disabled to see if it's a problem. Before 10.1-GM there was never a problem and there is no problem with SUSE kernels. Grub menu.list does not have "selinux=".
Regards
Sid.

Strange, I just checked the Athlon 64x2 box with 10.1 installed, kernel 2.6.18-git20-smp, no selinux compiled in and ntp keeps the time rock solid. Athlon64 laptop with 2.6.19-rc1-git4 currently but that also went through 2.6.18/2.6.18-git series, this Athlon XP3200+ (32-bit) at 2.6.19-rc2 (no selinux) which also went through the 2.6.18/2.6.18-git series, both experiencing significant clock drift.
The 64x2 box has reference in audit.log to postfix apparmor rejects, but no ntp reject errors.
xntp-4.20a-70.4 on the 10.1 x86_64 boxes and xntp-4.2.2p2-4 (upgraded) on the 10.2Alpha4 32-bit box.
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >