This was a journalctl -b -p 03 returns, concerning my last boot. Also, the /var/log/audit directory is empty. I think the issue is pretty clear
I’ve tried setting permissions and ownership manually using chmod and chown, but the issue does not disappear. Is this a SELinux issue? How should I go about it? What exact combination of permissions and ownership would be adequate on that directory?
Could you provide the result of these two commands? grep "/var/log/audit" /etc/selinux/targeted/contexts/files/file_contexts rpm -q selinux-policy-targeted
Thank you for being more thorough than I am; indeed systemctl reports now an active auditd service after starting it manually! Just to be sure, however, here are the results you wanted: grep "/var/log/audit" /etc/selinux/targeted/contexts/files/file_contexts:
I’m not an expert of SELinux.
Btw, “If a file object has a context, restorecon will only modify the type portion of the security context. The -F option will force a replacement of the entire context.”
So, to completely restore the default context: sudo restorecon -F /var/log/audit