Why are overwhelming amount of audit logs generated while reloading SELinux policy?

Solution In Progress - Updated -

Issue

  • When one does something that requires an SELinux policy reload, it generates around 15000+ audit events all saying the same thing.
  • They all have the message selinux_audit_rule_match: stale rule.
  • This is coming from the function selinux_audit_rule_match() in the kernel file security/selinux/ss/services.c.
  • Is there any known issue with SELinux or kernel ?

Environment

  • Red Hat Enterprise Linux 6.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content