Stephen wrote: > Hmm...enabled=0, i.e. disabled. > Might need to boot with audit=1 on the kernel command line then. > Or enable auditd (chkconfig auditd on). audit=1 on the kernel command line doesn't change things. auditctl -s still says enabled=0. Same for "chkconfig auditd on" and reboot. I've installed the latest refpolicy from the tresys source repository. Attached is the audit.log after booting that policy (init_upstart --> on)
Attachment:
audit.log
Description: audit.log
