> Stephen, > > Here are the logs you requested: > > http://www.colliertech.org/federal/nsa/avc-20120206T090101.log Above logs exposes two bugs in your policy i believe. Are you using the latest available policy? possible temporary fixes: echo "avc: denied { associate } for pid=384 comm="restorecon" name="shm" dev=devtmpfs ino=5266 scontext=system_u:object_r:tmpfs_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem" | audit2allow -M myfs; sudo semodule -i myfs.pp echo "avc: denied { syslog } for pid=1824 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2" | audit2allow -M mykernel; sudo semodule -i mykernel.pp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
