type=1400 audit(1252701837.071:11): avc: denied { read } for pid=832 comm="arping" path="/dev/console" dev=tmpfs ino=2086 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file
Why would arping read the /dev/console? Is this happening on boot up? Did setroubleshoot suggest this is a leaked file descriptor?
happens 4 times during boot up. setroubleshoot not on that box (it's a very stripped down router with a small amount of flash, so no space for all its dependancies).
I have no idea what is doing with this so I will dontaudit. Could you check the system call to see if it is happening on exec? Fixed in selinux-policy-3.6.31-4.fc12.noarch