Description of problem:
Latest versions of ntpd and selinux-policy generate avc denials in the log. (selinux configured for permissive mode).

Version-Release number of selected component (if applicable):
ntp-4.2.2p1-3
selinux-policy-2.4.3-10.fc6

How reproducible:
Every time.

Steps to Reproduce:
1. Install FC6.
2. Update to latest released version (not test).
3. Inspect /var/log/messages

Actual results:
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:543): avc: denied { write } for pid=3379 comm="ntpd" name="ntp" dev=dm-0 ino=5374373 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:544): avc: denied { add_name } for pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:545): avc: denied { create } for pid=3379 comm="ntpd" name="drift.TEMP" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:546): avc: denied { write } for pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:547): avc: denied { remove_name } for pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:548): avc: denied { rename } for pid=3379 comm="ntpd" name="drift.TEMP" dev=dm-0 ino=5374817 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Nov 28 10:36:27 GSI10 kernel: audit(1164728187.753:549): avc: denied { unlink } for pid=3379 comm="ntpd" name="drift" dev=dm-0 ino=5375847 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file

Expected results:
Nothing in log file.

Additional info:
Drift files should be written to /var/lib/ntp not the /etc directory.