My SELinux is very rusty. To find your current SELinux setting: getenforce
To set it to Permissive mode in order to use Achim's suggestion for log checking: setenforce Permissive This change won't persist across reboots. To change the context of the file, try: chcon -t system_u ntp.conf It's at this point that I usually give up and disable SELinux. :-) On Fri, Dec 23, 2016 at 2:59 PM, Hal Murray <hmur...@megapathdsl.net> wrote: > > strom...@nexgo.de said: >> From what you've been showing I think the config file needs to be in the >> system_u context in order for logrotate to not pick up any files that may >> have been dropped into the directory maliciously. > > Thanks. That sounds right, but what do I type to make it happen? The whole > area of files having a security context (I think that's the right term) is > something I don't know anything about. Is there a HOWTO type document for > things like this? > > I want to put a comment in the top of the file that says roughly: > > if you run SELinux, you need to do: > what goes here? > For more info see xxx > > > -- > These are my opinions. I hate spam. > > > > _______________________________________________ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
