Why can't I start auditd when SELinux is enabled?


Issue

  • auditd will not start with SELinux enabled
  • If SELinux is set to permissive mode, auditd starts fine
  • The following AVC denials are logged:
 Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_override } for  pid=4685 comm="auditd" capability=1 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability
 Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_read_search } for  pid=4685 comm="auditd" capability=2 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability  
 Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_override } for  pid=4685 comm="auditd" capability=1 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability
 Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_read_search } for  pid=4685 comm="auditd" capability=2 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability  
 Jun 7 11:42:05 ccsvm kernel: type=1300 audit(1275925325.162:58): arch=c000003e syscall=2 success=no exit=-13 a0=7fff5a0dd16b a1=400 a2=d4f a3=0 items=2 ppid=4684 pid=4685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=4294967295 comm="auditd" exe="/sbin/auditd" subj=user_u:system_r:auditd_t:s0 key=(null)  
 Jun 7 11:42:05 ccsvm kernel: type=1307 audit(1275925325.162:58): cwd="/" 
 Jun 7 11:42:05 ccsvm kernel: type=1302 audit(1275925325.162:58): item=0 name="/var/log/audit/audit.log"  
 Jun 7 11:42:05 ccsvm kernel: type=1302 audit(1275925325.162:58): item=1 name="/var/log/audit/audit.log"  
 Jun 7 11:42:05 ccsvm auditd: Unable to open /var/log/audit/audit.log (Permission denied)  
 Jun 7 11:42:05 ccsvm auditd: The audit daemon is exiting.
  • Permissions of /var/log/audit/audit.log:
 -rw-r----- 1 root root 108095 Jun  7 11:41 /var/log/audit/audit.log
  • Attempting a service auditd restart fails to resolve the issue
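
All of the kernel records above share the identifier audit(1275925325.162:58), so they describe a single failed system call. The Python below is an added example, not part of the original solution: it groups syslog-forwarded audit records by that identifier and reports the denied permissions, the SELinux domain, the errno and the path in one summary. The function name correlate and the abbreviated sample lines are assumptions of this example.

```python
import errno
import re

# Records abbreviated from the syslog excerpt on this page (some fields trimmed).
SAMPLE = """\
Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_override } for  pid=4685 comm="auditd" capability=1 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability
Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_read_search } for  pid=4685 comm="auditd" capability=2 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability
Jun 7 11:42:05 ccsvm kernel: type=1400 audit(1275925325.162:58): avc: denied  { dac_override } for  pid=4685 comm="auditd" capability=1 scontext=user_u:system_r:auditd_t:s0 tcontext=user_u:system_r:auditd_t:s0 tclass=capability
Jun 7 11:42:05 ccsvm kernel: type=1300 audit(1275925325.162:58): arch=c000003e syscall=2 success=no exit=-13 items=2 ppid=4684 pid=4685 uid=0 comm="auditd" exe="/sbin/auditd" subj=user_u:system_r:auditd_t:s0 key=(null)
Jun 7 11:42:05 ccsvm kernel: type=1302 audit(1275925325.162:58): item=0 name="/var/log/audit/audit.log"
Jun 7 11:42:05 ccsvm auditd: Unable to open /var/log/audit/audit.log (Permission denied)
"""

RECORD = re.compile(r"type=(\d+) audit\(([\d.]+:\d+)\): (.*)")
AVC = re.compile(r"avc:\s+denied\s+\{ (.+?) \}.*\bscontext=(\S+) tcontext=(\S+) tclass=(\S+)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_T, SYSCALL_T, PATH_T = 1400, 1300, 1302  # kernel audit record type numbers

def correlate(text):
    """Group records sharing one audit(timestamp:serial) id into one event summary."""
    events = {}
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # plain syslog line, e.g. auditd's own "Unable to open" message
        rtype, event_id, body = int(m.group(1)), m.group(2), m.group(3)
        ev = events.setdefault(event_id, {"denied": [], "paths": [], "domain": None})
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        avc = AVC.search(body) if rtype == AVC_T else None
        if avc:
            perm = (avc.group(4), avc.group(1))        # (class, permission)
            if perm not in ev["denied"]:               # the log repeats each denial
                ev["denied"].append(perm)
            ev["domain"] = avc.group(2).split(":")[2]  # type field of scontext
        elif rtype == SYSCALL_T:
            ev["exe"] = fields.get("exe")
            ev["success"] = fields.get("success")
            ev["error"] = errno.errorcode.get(-int(fields.get("exit", "0")))
        elif rtype == PATH_T:
            name = fields.get("name")
            if name and name not in ev["paths"]:
                ev["paths"].append(name)
    return events

if __name__ == "__main__":
    for event_id, ev in correlate(SAMPLE).items():
        print(event_id, ev)
```

For the sample, the summary shows the auditd_t domain denied the dac_override and dac_read_search capabilities while /sbin/auditd failed with EACCES on /var/log/audit/audit.log.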

Environment

  • Red Hat Enterprise Linux 5
  • selinux-policy
