Hey Steve,

Under the FC5 MLS policy, what is the magic incantation of SELinux role and MLS range that will make auditctl go? I've tried staff_r, with staff_t and SystemLow, which I did not expect to work (and it didn't). I've also tried sysadm_[rt] and secadm_[rt] with both SystemHigh and SystemLow. So far, no combination has lead to auditctl being usable. secadm & sysadm attempts resolve in a direct bash denial message, whereas staff _can_ execute audit, but I get the messages:
"Error sending (rule/watch) list request (Permission denied)"

Anyone know the magic or is this a policy bug?

Thanks,
Mike