# ls -Z /var/run/auditd.pid /var/run/audispd_events srw-r----- root root system_u:object_r:audisp_var_run_t:SystemHigh /var/run/audispd_events -rw-r--r-- root root system_u:object_r:auditd_var_run_t:SystemHigh /var/run/auditd.pid # restorecon -rv /var/run/ restorecon reset /var/run/audispd_events context system_u:object_r:audisp_var_run_t:s15:c0.c1023->system_u:object_r:audisp_var_run_t:s0 restorecon reset /var/run/auditd.pid context system_u:object_r:auditd_var_run_t:s15:c0.c1023->system_u:object_r:auditd_var_run_t:s0 [root@hugo ~]# ls -Z /var/run/auditd.pid /var/run/audispd_events srw-r----- root root system_u:object_r:audisp_var_run_t:SystemLow /var/run/audispd_events -rw-r--r-- root root system_u:object_r:auditd_var_run_t:SystemLow /var/run/auditd.pid I assume that both these files should be kept at SystemHigh? selinux-policy-mls-3.4.2-14.fc9.noarch Thx, LCB. -- LC (Lenny) Bruzenak lenny(a)magitekltd.com