On a Bastilled FC3 latest kernel and with the strict SE Linux policy (1.19), if not in permissive mode, the auditd daemon refuses to start with the following error messages in /var/log/messages: ... Unable to set audit pid, exiting. ... Error sending failure mode request (Operation not permitted). Once the daemon starts in permissive mode, it is not a problem to revert SE Linux back to enforcing mode, the daemon stays up (and performs as expected). Have started Fedora with audit=1 kernel option and enabled the noisy events in SE Linux (make enableaudit & make load in the strict policy source directory), auditd-related denials have all been explicitly allowed in our custom.te policy under domains/misc. Auditd daemon still fails to start in enforcing mode, and no selinux denials are generated when we try to start it. Using the above method, we have been able to get the system to boot in enforcing mode and run all the programs & daemons we needed to run (with no selinux denials, except attempts to access shadow_t which is protected by an assertion in the strict policy), except for auditd. Any hints on how to resolve this issue? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
