file_context for ntpd policy should include /usr/sbin/ntpd as well, which is where openntpd installs itself rather than in /usr/bin.
Reproducible: Always
fixed in selinux-ntp-20041120 (that is currently ~ masked)
Just realized it needs these too:
    /etc/ntpd\.conf system_u:object_r:ntp_etc_t
and for other settings:
    allow ntpd_t ntpd_t:capability { sys_chroot }; #EXE=/usr/sbin/ntpd : sys_chroot
    allow ntpd_t random_device_t:chr_file { read }; #EXE=/usr/sbin/ntpd NAME=random : read
It also reports an error the -first- time it's launched about the PRNG not being initialized, but then works at a manual restart. Not sure what's going on there.
random_device_t rule added to selinux-ntp-20050101. The others were covered by selinux-ntp-20041120. Happy New Year everyone :)