Why are overwhelming amount of audit logs generated while reloading SELinux policy?

Solution In Progress - Updated -

Issue

  • When one does something that requires an SELinux policy reload, it generates around 15000+ audit events all saying the same thing.
  • They all have the message selinux_audit_rule_match: stale rule.
  • This is coming from the function selinux_audit_rule_match() in the kernel file security/selinux/ss/services.c.
  • Is there any known issue with SELinux or kernel ?

Environment

  • Red Hat Enterprise Linux 6.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.