Hi, these are the results of running strict policy selinux. Kernel: 2.6.7-1.448 Selinux-strict: 1.13.7-1 Filesystems: / is xfs, /tmp is tmpfs (is that a problem? xattrs?), /boot is ext3 I relabeled prior to running this test. I know there's a new version released today and I'll try that soon. I'm sorry if any of this are duplicates or have been fixed. ================================================================== audit2allow: allow dmesg_t staff_home_t:file { write }; allow dmesg_t user_home_t:file { write }; allow httpd_t bin_t:dir { getattr }; allow httpd_t httpd_log_t:file { write }; allow httpd_t sbin_t:dir { getattr }; allow httpd_t snmpd_var_lib_t:file { getattr write }; allow klogd_t boot_t:lnk_file { read }; allow lvm_t device_t:file { getattr }; allow lvm_t selinux_config_t:dir { search }; allow udev_t var_lock_t:dir { search }; allow xdm_xserver_t xdm_tmpfs_t:dir { getattr }; allow xfs_t tmpfs_t:dir { search }; ==================================================================== Denies summary - all of those occur during normal startup, and the dmesg ones are me trying to pipe dmesg to a log file in my home folder as root. LVM.STATIC 1) name = selinux tclass = dir denied { search } exe=lvm.static scontext = system_u:system_r:lvm_t tcontext = system_u:object_r:selinux_config_t 2) path = /dev/vcsa01 or /dev/vcsa05 tclass = file denied { getattr } exe=lvm.static scontext = system_u:system_r:lvm_t tcontext = system_u:object_r:device_t KLOGD 3) name = System.map tclass = lnk_file denied { read } exe=/sbin/klogd scontext = system_u:system_r:klog_t tcontext = system_u:object_r:boot_t UDEV 4) name = lock tclass = dir denied { search } exe=/bin/bash scontext = system_u:system_r:udev_t tcontext = system_u:object_r:var_lock_t HTTPD 5) name = /sbin or /usr/sbin tclass = dir denied { getattr } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:sbin_t 6) name = /bin or /usr/bin or /usr/X11R6/bin tclass = dir denied { getattr } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:bin_t 7) name = jk2.shm tclass = file denied { write } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:httpd_log_t 8) path = /usr/share/snmp/mibs/.index tclass = file denied { getattr } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:snmpd_var_lib_t name = .index tclass = file denied { write } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:snmpd_var_lib_t XFS 9) dev = tmpfs tclass = dir denied { search } exe = /usr/X11R6/bin/xfs scontext = system_u:system_r:xfs_t tcontext = system_u:object_r:tmpfs_t Xorg 10) dev = tmpfs path = /tmp/.X11-unix tclass = dir denied { getattr } exe = /usr/X11R6/bin/Xorg scontext = system_u:system_r:xdm_xserver_t tcontext = system_u:object_r:xdm_tmpfs_t Dmesg 11) path = /home/-username-/log tclass = file denied { write } exe = /bin/dmesg scontext = root:system_r:dmesg_t tcontext = root:object_r:user_home_t