On 07/18/2015 08:02 PM, jd1008 wrote:
> egid=0 sgid=0 fsgid=0 ses=37 tty=(none) comm=sa1 exe=/usr/bin/sh
> subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023

Right there's your answer: /usr/bin/sh, AKA bash.