Hi Andrew,

On Fri, 2 May 2008, Andrew Elwell wrote:

> Hi folks,
>
> does anyone have the magic incantation to hand (apart from 'setenforce 
> permissive') to stop ntpd being blocked from writing to the driftfile etc. On 
> our enforcing machines we see large fluctuations in NTP stability

unless you are willing to modify the policy (which is rather painful on 
SL4), you probably want to "setsebool -P ntpd_disable_trans 1". Ntpd will 
run in the initrc_t domain after the next restart, which should be 
sufficient on SL4.

Hope this helps,
 	Stephan

-- 
Stephan Wiesand
   DESY - DV -
   Platanenallee 6
   15738 Zeuthen, Germany