Summary: SELinux is preventing /usr/libexec/abrt-hook-python "read" access on /var/log/audit/audit.log.1. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by abrt-hook-pytho. It is not expected that this access is required by abrt-hook-pytho and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c 1023 Target Context system_u:object_r:auditd_log_t:s0 Target Objects /var/log/audit/audit.log.1 [ file ] Source abrt-hook-pytho Source Path /usr/libexec/abrt-hook-python Port <Unknown> Host omega-3a.local Source RPM Packages abrt-addon-python-1.0.8-2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-108.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name omega-3a.local Platform Linux omega-3a.local 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Wed 21 Apr 2010 11:07:33 AM CDT Last Seen Wed 21 Apr 2010 11:07:33 AM CDT Local ID 39cd690d-0eeb-4d7e-8f7b-2bbb82d2bc26 Line Numbers Raw Audit Messages node=omega-3a.local type=AVC msg=audit(1271866053.144:17291): avc: denied { read } for pid=13651 comm="abrt-hook-pytho" path="/var/log/audit/audit.log.1" dev=sda6 ino=1113522 scontext=unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_log_t:s0 tclass=file node=omega-3a.local type=SYSCALL msg=audit(1271866053.144:17291): arch=c000003e syscall=59 success=yes exit=0 a0=4fe0a60 a1=502e6f0 a2=7fff733358d8 a3=20 items=0 ppid=13561 pid=13651 auid=500 uid=0 gid=0 euid=491 suid=491 fsuid=491 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3199 comm="abrt-hook-pytho" exe="/usr/libexec/abrt-hook-python" subj=unconfined_u:unconfined_r:abrt_helper_t:s0-s0:c0.c1023 key=(null) This occurs when running "sealert -a /var/log/audit/audit.log.1" as root.