search for: retorecon

...tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 ... and from audit2allow : #============= unconfined_t ============== allow unconfined_t self:capability2 mac_admin; I don't know what triggers these records in /var/log/audit (everything seems to work). Running retorecon -rv / doesn't produce any error. Can someone tell me what is the mac_admin functionnality, and if it is safe to allow it ? If I understand correctly what I have found by googling around, it is not advised. Thanks, -- Philippe Naudin