watching files in selinuxfs

When in enforcing mode, I am only able to audit files in selinuxfs by inode, not by path. I am running as auditadm_r. /* Try adding audit rule with -F path */ # auditctl -a exit,always -S open -F path=/selinux/enforce Error sending add rule request (Permission denied) # auditctl -l No rules /* Try adding audit rule with -w path syntax */ # auditctl -w /selinux/enforce Error sending add rule request (Permission denied) /* Try adding audit rule with -F inode */ # ls -i /selinux/enforce 4 /selinux/enforce # auditctl -a exit,always -S open -F inode=4 # auditctl -l LIST_RULES: exit,always inode=4 (0x4) syscall=open Since it is possible to audit the files, this might only require a documentation change. Perhaps adding a comment to the auditctl man page would be sufficient? -debbie