Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 457981

Summary: Numerous SELinux avc alerts from ntpd. (/etc/drift)
Product: Red Hat Enterprise Linux 5 Reporter: Rich Johnson <richard.johnson>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-07 12:23:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Series of avc alerts from targeted policy none

Description Rich Johnson 2008-08-05 21:44:55 UTC 
Description of problem:
Numerous SELinux alerts as ntpd attempts to manipulate /etc/drift

Version-Release number of selected component (if applicable):
  ntp-4.2.2p1-8.el5

How reproducible:
  IPL - policy->targeted, enforcment->permissive

Steps to Reproduce:
1.  Install
2.  wait for time to drift
3.
  
Actual results:
  See attached

Expected results:
  No alerts for standard ntpd

Additional info:
Comment 1 Rich Johnson 2008-08-05 21:49:45 UTC 
Created attachment 313489 [details]
Series of avc alerts from targeted policy
Comment 2 Daniel Walsh 2008-08-06 17:55:57 UTC 
SELinux allows the creation/writing of the drift file in /var/lib/ntp and /etc/ntp/data

Why is this being created in /etc/ntp?

Did you change the defaults?
Comment 3 Rich Johnson 2008-08-06 19:23:20 UTC 
(In reply to comment #2)
> SELinux allows the creation/writing of the drift file in /var/lib/ntp and
> /etc/ntp/data
> 
> Why is this being created in /etc/ntp?
> 
> Did you change the defaults?

Not intentionally.  But, following your hint, I found the culprit.

The local kickstart's %post script was entirely too helpful by (re)creating /etc/ntp.conf to reference the in-house ntp server.  That was the root cause.  The clause in question has been carried forward for several releases.

Not A Bug.  Thanks!