auditd service fails to start with "Could not open dir /var/log/audit (Permission denied)" error.

Solution Unverified - Updated 2021-12-24T06:03:23+00:00 -

Issue

After moving /var/log/audit to its own file system, the auditd service will not start with following error:

Aug 21 09:51:56 hostname kernel: type=1400 audit(1408629116.556:114710): avc:  denied  { read } for  pid=34371 comm="auditd" name="/" dev=dm-53 ino=2 scontext=unconfined_u:system_r:auditd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Aug 21 09:51:56 hostname auditd: Could not open dir /var/log/audit (Permission denied)
Aug 21 09:51:56 hostname auditd: The audit daemon is exiting.

Environment

Red Hat Enterprise Linux (RHEL).
Auditd service.
selinux contexts.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Select Your Language

auditd service fails to start with "Could not open dir /var/log/audit (Permission denied)" error.

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links