Description of problem: The combination of strict enforcing SELinux policy and this line in /usr/share/logwatch/scripts/services/audit: exit(0) unless -d '/selinux'; means that no log summary is produced for the "audit" service by /etc/cron.daily/0logwatch Because this line in /usr/share/logwatch/default.conf/services/audit.conf *OnlyService = (kernel:)?\s*audit.* filters out any non-audit log messages from the "pipe" into the service script, it is effectively passed a null-length pipe if SELinux is not running anyway. Hence the simplest fix is simply to remove the test for visibility of /selinux in the logwatch service script, and avoid any further change to SELinux policy. Version-Release number of selected component (if applicable): logwatch-7.3-7.fc6 and selinux-policy-strict-2.4.6-27.fc6 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
fixed in logwatch-7.3.2-6.fc7.