Try (as root): service auditd restart and see if auditd returns OK or FAIL? It might spit out some errors, or put something in /var/log/messages. If it complains about the log not being writable by owner, then "chmod u+w /var/log/audit/*" is what fixed it for me. It could also be an SELinux problem, but only if you have SELINUX=enforcing in /etc/selinux/config. On my test machine, I generally set SELINUX=permissive there so I see avc denials, but everything continues working even if there is an SELinux misconfiguration. > Disable SELinux and AVCs will be gone. Forever. I agree SELinux can be quite frustrating once you start customizing services, and I have been known to turn it off entirely for that reason. But for testing purpose, it's extremely useful to have people like us stumble across avc denials so the general public doesn't have to, and they can enjoy the security benefits. -B. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list