Description of problem: When chronyd is configured with the rtcfile directive, it tries to read /etc/adjtime in order to determine whether the RTC is keeping time in UTC or local time, but that fails due to SELinux. Errors in the permissive mode: type=AVC msg=audit(1487684658.011:50511): avc: denied { read } for pid=14299 comm="chronyd" name="adjtime" dev="sda1" ino=33610853 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:adjtime_t:s0 tclass=file permissive=1 type=AVC msg=audit(1487684658.011:50512): avc: denied { open } for pid=14299 comm="chronyd" path="/etc/adjtime" dev="sda1" ino=33610853 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:adjtime_t:s0 tclass=file permissive=1 type=AVC msg=audit(1487684658.011:50513): avc: denied { getattr } for pid=14299 comm="chronyd" path="/etc/adjtime" dev="sda1" ino=33610853 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:adjtime_t:s0 tclass=file permissive=1 Version-Release number of selected component (if applicable): selinux-policy-3.13.1-225.6.fc25.noarch How reproducible: Always Steps to Reproduce: 1. replace "rtcsync" in /etc/chrony.conf with "rtcfile /var/lib/chrony/rtc" 2. restart chronyd
It seems this was fixed in 3.13.1-225.12.fc25 and 3.13.1-244.fc26. Thanks!