Something in Rawhide spams SELinux or audit messages to every terminal

Richard W.M. Jones rjones at
Sat Mar 21 17:29:20 UTC 2015

On Sun, Mar 22, 2015 at 11:29:21PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Mar 20, 2015 at 02:14:38PM +0000, Richard W.M. Jones wrote:
> > Message from syslogd at trick at Mar 20 14:13:46 ...
> >  journal:<audit-2404> pid=2038 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5e:91:96:9b:d3:3c:42:5c:21:e8:fe:8e:4c:c6:a8:ef:cb:3f:ff:b8:e8:c8:b0:2a:a3:d9:c7:65:40:dc:7a:62 direction=? spid=2046 suid=1000  exe="/usr/sbin/sshd" hostname=? addr= terminal=? res=success'
> > 
> > If someone can suggest a suitable component and what diagnostics would
> > be needed, I can file a bug.
> It looks like journald reads audit messages and saves them to the
> journal, and you are running a syslog daemon which forwards them to
> the console. It would seem that the messages are saved by journald
> with a wrong syslog priority level... Can you find the corresponding message
> in 'journalctl -o verbose' output and paste the full entry?

This bug was diagnosed and fixed here:


Richard Jones, Virtualization Group, Red Hat
Read my programming and virtualization blog:
virt-builder quickly builds VMs from scratch

More information about the devel mailing list