Auditd not starting with SELinux enforcing

Solution Verified - Updated -

Issue

  • The auditd service fails when selinux is in enforcing mode. It starts when selinux is permissive.

    # service auditd start
Starting auditd:                                           [FAILED]
# setenforce 0
# service auditd start
Starting auditd:                                           [  OK  ]

  • The avc denial logs in audit.log file shows selinux context issue on audit.rules file

    type=AVC msg=audit(1570212026.551:137): avc:  denied  { open } for  pid=4339 comm="auditctl" name="audit.rules" dev=dm-0 ino=656423 scontext=unconfined_u:system_r:auditctl_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

Environment

  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content