I figured it out. Once I got auditd running again, I was able to use audit2allow to get the right policies from SELinux. Once I did that, rsyslogd could read the logs in /var/named/data/ --Matthew Wilkinson -----Original Message----- From: birdynam [mailto:birdynambox@xxxxxxxxx] Sent: Friday, September 22, 2017 12:41 To: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: Unable to use audit2allow on avc denials [This is an external email. Be cautious with links, attachments and responses.] ********************************************************************** Yep your right, i just wanted to point the fact that even if the logs are in messages instead of audit.log, audit2allow can be used (related to Wilkinson Matthew post). Birdy. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
