The selinux dontaudit change that was done in 5.4 was a temporary workaround. This BZ is for the proper fix in dmraid. This will require some further investigation, since the root cause was never uncovered.
Anyone see any problems if we moved the file to /var/cache/logwatch/dmeventd/syslogpattern.txt ?
For the time being, we don't activate monitoring in initrd so it should work. Once we decide to change this, /var ain't mounted yet and we'll get a problem.
Change as of comment #5 added to repository.
*** Bug 508745 has been marked as a duplicate of this bug. ***
dmeventd_syslogpattern.txt is the file that has beeing created in /etc/logwatch/scripts/services and caused SELinux denials. This file is in the new version 60.el5 being created in /var/cache/logwatch/dmeventd/ $ rpm -q dmraid-events-logwatch dmraid-events-logwatch-1.0.0.rc13-60.el5 $ diff /tmp/dmeventd.33.el5 /etc/logwatch/scripts/services/dmeventd 40c40 < "/etc/logwatch/scripts/services/dmeventd_syslogpattern.txt"; --- > "/var/cache/logwatch/dmeventd/syslogpattern.txt";
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0286.html
*** Bug 509962 has been marked as a duplicate of this bug. ***