Package: ntp
Version: 1:4.2.8p9+dfsg-2.1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
On a SELinux enabled system, ntpd periodical generates some odd audits:
type=PROCTITLE msg=audit(02/17/17 22:52:21.790:167) :
proctitle=/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:111
type=SYSCALL msg=audit(02/17/17 22:52:21.790:167) : arch=armeb
syscall=socket per=PER_LINUX_32BIT success=no
exit=EAFNOSUPPORT(Address family not supported by protocol) a0=unknown
family(0x0) a1=SOCK_DGRAM a2=ip a3=0x48381b00 items=0 ppid=1 pid=540
auid=unset uid=ntp gid=ntp euid=ntp suid=ntp fsuid=ntp egid=ntp
sgid=ntp fsgid=ntp tty=(none) ses=unset comm=ntpd exe=/usr/sbin/ntpd
subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(02/17/17 22:52:21.790:167) : avc: denied {
module_request } for pid=540 comm=ntpd kmod="net-pf-0"
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1
type=AVC msg=audit(02/17/17 22:52:21.790:167) : avc: denied { create
} for pid=540 comm=ntpd scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:ntpd_t:s0 tclass=socket permissive=1
The system is a raspberry pi 3 with a 4.9.2 kernel from
https://github.com/raspberrypi/linux/tree/rpi-4.9.y (Linux raspberrypi
4.9.2-v7+ #1 SMP Wed Jan 11 00:27:01 CET 2017 armv7l GNU/Linux)
