Summary:

SELinux is preventing /usr/sbin/rndc "module_request" access on .

Detailed Description:

SELinux denied access requested by rndc. The current boolean settings do not
allow this access. If you have not setup rndc to require this access this may
signal an intrusion attempt. If you do intend this access you need to change the
booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
domain_kernel_load_modules is set incorrectly.

Boolean Description:
Allow all domains to have the kernel load modules

Fix Command:
# setsebool -P domain_kernel_load_modules 1

Additional Information:

Source Context                unconfined_u:system_r:ndc_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                None [ system ]
Source                        rndc
Source Path                   /usr/sbin/rndc
Port
Host                          ASFD
Source RPM Packages           bind-9.7.2-4.P3.fc14
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-14.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall_boolean
Host Name                     a
Platform                      Linux a 2.6.35.9-64.fc14.i686.PAE #1 SMP Fri Dec 3 12:28:00 UTC 2010 i686 i686
Alert Count                   2
First Seen                    Mon 13 Dec 2010 09:06:40 PM CET
Last Seen                     Mon 13 Dec 2010 09:28:04 PM CET
Local ID                      ASDF
Line Numbers

Raw Audit Messages

node=a type=AVC msg=audit(ASDF): avc: denied { module_request } for pid=2413 comm="rndc" kmod="net-pf-10" scontext=unconfined_u:system_r:ndc_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

node=a type=SYSCALL msg=audit(1292272084.966:20063): arch=40000003 syscall=102 success=no exit=-97 a0=1 a1=bfce1d00 a2=6d1258 a3=0 items=0 ppid=2407 pid=2413 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="rndc" exe="/usr/sbin/rndc" subj=unconfined_u:system_r:ndc_t:s0 key=(null)