Thursday, January 27, 2011

selinux, hwclock and /etc/adjtime

If you are having problems with hwclock, you may want to remove the file '/etc/adjtime' and let hwclock recreate the file, for reasons discussed here:

"hwclock never updates drift factor in /etc/adjtime if time is always set more than once a day"

However, if you have selinux enabled, with an enforcing targeted policy, this will result in the wrong file security context. Here is how to fix it:

# ls -Z /etc/adjtime
-rw-r--r-- root root root:object_r:etc_t:s0 /etc/adjtime

# restorecon -v /etc/adjtime
restorecon reset /etc/adjtime context root:object_r:etc_t:s0->system_u:object_r:adjtime_t:s0

# ls -Z /etc/adjtime
-rw-r--r-- root root system_u:object_r:adjtime_t:s0 /etc/adjtime

# grep adjtime /etc/selinux/targeted/contexts/files/file_contexts
/etc/adjtime -- system_u:object_r:adjtime_t:s0