Multiple "avc:denied" warnings filling up audit.log regarding rsyslog

Solution In Progress - Updated -

Issue

audit.log is filling up with messages like these:

 kernel: type=1400 audit(1502095940.000:339245353): avc:  denied  { write } for  pid=3035 comm=72733A616374696F6E203120717565 name="rsyslog" dev=dm-0 ino=1966244 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=dir

Environment

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Rsyslog
SELinux enabled

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.