On Monday 07 May 2007 11:56, Bill O'Donnell wrote:
> Stopping auditd:audit(1178276231.766:704): avc: denied { write } for
> pid=2911 comm="auditd" name="log" dev=tmpfs ino=10195
> scontext=system_u:system_r:auditd_t:s0
> tcontext=system_u:object_r:device_t:s0 tclass=sock_file
This would seem to indicate you have a mislabeled system. You should not have
a label of device_t type unless you have hardware we've not seen. Without
knowing more about how you got in this situation, its hard to say exactly
what the problem is. I'd start by relabeling your system.
-Steve
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
