Has anyone seen SELinux log to /var/log/messages but *not* to /var/log/audit/audit.log? I have a situation that is being denied by SELinux and logging avc denials to /var/log/messages, however I can't determine a way to fix it because I get nothing for this denial logged to /var/log/audit/audit.log. This prevents me from generating a policy using audit2allow or sealert. Situation: I have a RHEL 7-based server which is running bind-chroot and I'd like for rsyslog to collect and send the named.log and query.log to our centralized rsyslog server. With SELinux in enforcing mode, rsyslog cannot read the named logs. Do I need to write my own custom SELinux policy? Thanks, Matthew Wilkinson _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
