Using MLS permissive policy selinux-policy-mls-3.3.1-77.fc9.noarch.
I'm looking at some AVCs generated when I do an ausearch as root.
I thought it was because the root context was set at SystemLow.
I looked at the logs and all are set at SystemHigh except the last 4
(current audit.log + audit.log.[1-3]).
[root@hugo sbin]# ls -al /var/log/audit/audit.log.[1-6]
-r-------- 1 root root 5243230 2008-07-23 15:34 /var/log/audit/audit.log.1
-r-------- 1 root root 5242915 2008-07-22 12:36 /var/log/audit/audit.log.2
-r-------- 1 root root 5242932 2008-07-22 12:36 /var/log/audit/audit.log.3
-r-------- 1 root root 5243017 2008-06-27 12:33 /var/log/audit/audit.log.4
-r-------- 1 root root 5242977 2008-06-27 12:16 /var/log/audit/audit.log.5
-r-------- 1 root root 5242921 2008-06-27 11:52 /var/log/audit/audit.log.6
[root@hugo sbin]# ls -alZ /var/log/audit/audit.log.[1-6]
-r-------- root root root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.1
-r-------- root root root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.2
-r-------- root root root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.3
-r-------- root root system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.4
-r-------- root root system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.5
-r-------- root root system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.6
Is this correct (and if so, why)?
Maybe I did something...
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
I just did a relabel/reboot and they all went to SystemHigh (what I'd
expect).
So I'm not sure how they were in that state to begin with, but I'll ask
again if it happens later.
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com