Description of problem: Booting today with audit-1.6.4-1.fc9, auditd failed to start up: Dec 30 11:05:34 localhost auditd: /var/log/audit/audit.log permissions should be 0640 Dec 30 11:05:34 localhost auditd: The audit daemon is exiting. Dec 30 11:05:34 localhost kernel: audit(1199041534.187:4): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 Dec 30 11:05:34 localhost kernel: audit(1199041534.187:5): audit_backlog_limit=320 old=64 by auid=4294967295 res=1 /var/log/audit/audit.log's mode was 600. Changing the mode to 640 makes it work, but is this test right? Should the mode be changed in the post install script? Version-Release number of selected component (if applicable): audit-1.6.4-1.fc9 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Should be fixed in audit-1.6.4-3. I forgot to change the config parser to allow both 0600 and 0640 for the logs. Thanks for reporting the bug.