AVC seen when a process writes to /dev/log socket, system logins are slow and/or service logs are not seen in the journal

Solution Verified - Updated -

Issue

  • On SELinux enabled systems, the following AVC can be seen when a process (or a service) attempts to write to /dev/log socket

    # ausearch -m avc | grep "devtmpfs"
type=AVC ... avc: denied { write } ... name=log dev="devtmpfs" ... tcontext=system_u:object_r:device_t:s0 tclass=sock_file

  • System logins are very slow after some time

  • Services that were started after rsyslogd don't log to the journal but rsyslogd directly, while services that were started before rsyslogd log to the journal

Environment

  • Red Hat Enterprise Linux 7 and later
    • rsyslog

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content