That all seems like a lot of work. Also, whos to say they wont update the kernel again the same way and im back on the list 6 mo from now. And it seems to work in permissive mode, but that's not selinux exactly is it... # ntpdate -q ntp-2.cso.uiuc.edu Looking for host ntp-2.cso.uiuc.edu and service ntp host found : ntp-2.gw.uiuc.edu server 130.126.24.44, stratum 2, offset -46708.392381, delay 0.04820 17 Jun 22:51:14 ntpdate[1431]: step time server 130.126.24.44 offset -46708.392381 sec .. -----Original Message----- From: fedora-selinux-list-bounces(a)redhat.com [mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of Stephen Smalley Sent: Thursday, June 17, 2004 9:45 AM To: Fedora SELinux support list for users & developers. Subject: RE: ntp On Thu, 2004-06-17 at 10:12, David Balazic wrote: Shrug. If you want to be conservative, you can just patch your policy to include the devnull initial SID rather than trying to update to rawhide. -- Stephen Smalley <sds(a)epoch.ncsc.mil&gt; National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list(a)redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list