gentoo-hardened April 2008 archive
Main Archive Page > Month Archives  > gentoo-hardened archives
gentoo-hardened: [gentoo-hardened] hwclock and selinux

[gentoo-hardened] hwclock and selinux

From: Franois Valenduc <francois.valenduc_at_nospam>
Date: Sun Apr 20 2008 - 08:27:07 GMT
To: gentoo-hardened@lists.gentoo.org


Hello everybody,
I have installed selinux on my computer and there is a problem with hwclock. It is denied by selinux and as a result, time keeps set to UTC instead of CEST (since I am living in Belgium) I get this message in dmesg:

type=1400 audit(1208682664.167:223): avc: denied { read write } for pid=29607 comm="hwclock" path="/var/log/faillog" dev=dm-6 ino=271083 scontext=root:system_r:hwclock_t tcontext=system_u:object_r:faillog_t tclass=file

I also got this error:
type=1400 audit(1208679707.497:84): avc: denied { read } for pid=18454 comm="hwclock" path="/dev/urandom" dev=tmpfs ino=2059 scontext=root:system_r:hwclock_t
tcontext=system_u:object_r:urandom_device_t tclass=chr_file

However, I think I solved it by issuing the commands "setsebool -P global_ssp 1" and "load_policy"

Does anybody have any idea about this problem ? I have already relabelled filesystems two times and I also re-emerged util-linux, but it doesn't work yet.

Thanks for your help,
Franois Valenduc -- gentoo-hardened@lists.gentoo.org mailing list