auditd service fails to start with "Could not open dir /var/log/audit (Permission denied)" error.
Issue
- After moving
/var/log/auditto its own file system, theauditdservice will not start with following error:
Aug 21 09:51:56 hostname kernel: type=1400 audit(1408629116.556:114710): avc: denied { read } for pid=34371 comm="auditd" name="/" dev=dm-53 ino=2 scontext=unconfined_u:system_r:auditd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Aug 21 09:51:56 hostname auditd: Could not open dir /var/log/audit (Permission denied)
Aug 21 09:51:56 hostname auditd: The audit daemon is exiting.
Environment
- Red Hat Enterprise Linux (RHEL).
- Auditd service.
- selinux contexts.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
