Red Hat Bugzilla – Bug 457981
Numerous SELinux avc alerts from ntpd. (/etc/drift)
Last modified: 2008-08-07 08:23:30 EDT
Description of problem:
Numerous SELinux alerts as ntpd attempts to manipulate /etc/drift
Version-Release number of selected component (if applicable):
IPL - policy->targeted, enforcement->permissive
Steps to Reproduce:
2. wait for time to drift
No alerts for standard ntpd
Created attachment 313489
Series of avc alerts from targeted policy
SELinux allows the creation/writing of the drift file in /var/lib/ntp and /etc/ntp/data
Why is this being created in /etc/ntp?
Did you change the defaults?
(In reply to comment #2)
> SELinux allows the creation/writing of the drift file in /var/lib/ntp and
> Why is this being created in /etc/ntp?
> Did you change the defaults?
Not intentionally. But, following your hint, I found the culprit.
The local kickstart's %post script was entirely too helpful by (re)creating /etc/ntp.conf to reference the in-house ntp server. That was the root cause. The clause in question has been carried forward for several releases.
Not A Bug. Thanks!
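A check for the mismatch found in this thread, as an added example that is not part of the original bug report: it reads every `driftfile` directive in an ntp.conf-style file and flags any path outside the two directories comment #2 says the policy allows. The function name, the sample configuration and the server name `ntp.example.internal` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag driftfile paths that the targeted policy will not let ntpd write.
# The two directories are the ones named in comment #2 of the thread.
ALLOWED_DIRS="/var/lib/ntp /etc/ntp/data"

# check_driftfile CONF
#   returns 0 if every driftfile directive points into an allowed directory,
#           1 if any points elsewhere,
#           2 if the file has no driftfile directive at all.
check_driftfile() {
    conf=$1
    # Strip comments, then collect the argument of each driftfile directive.
    paths=$(awk '{ sub(/#.*/, "") } $1 == "driftfile" && NF >= 2 { print $2 }' "$conf")
    [ -n "$paths" ] || { echo "$conf: no driftfile directive"; return 2; }
    rc=0
    for path in $paths; do
        dir=$(dirname "$path")
        case " $ALLOWED_DIRS " in
            *" $dir "*) echo "ok: $path" ;;
            *) echo "mismatch: $path is not in: $ALLOWED_DIRS"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: an ntp.conf as a kickstart %post script might rewrite it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# written by kickstart %post (constructed sample)
server ntp.example.internal
driftfile /etc/drift
EOF
check_driftfile "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

Running it against the configuration a kickstart produces, before first boot or in a post-install test, catches the relocated drift file without waiting for AVC alerts.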