Re: [chrony-users] tempcomp.log not created (on Fedora 17 & 20) when chronyd started from systemd

[Ferry de Jong <ferry.de.jong@xxxxxxxxx>]

 

Do you have SELinux enabled and in enforcing mode?

Yes SELinux was active in enforced mode, I now found the same type of logging with ausearch.

localhost kernel: [4318977.190860] type=1400 audit(1393589239.761:26): avc:  denied  { read } for  pid=23165 comm="chronyd" name="hwmon0" dev="sysfs" ino=15502 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file

chronyd is unable to read the file and there is nothing to write to
the tempcomp log.

Unfortunately I'm unfamiliar with fixing these SELinux policy issues. Can it been seen as a shortcoming in the default SELinux policies that chronyd can not read files in sysfs, or should one add a definition rule oneself? Any suggestion how I should do it for this specific case?

Wouldn't it be nice if chronyd reports some sort of logging if it can not access the tempcomp specified file, now it seems to silently ignore the inability to open/read the file, making the diagnosis of this issue harder than necessary.

 

> tempcomp /sys/class/hwmon/hwmon0/device/temp2_input 10 45000 0.0 0.000001
> 0.0