> tail /var/log/audit/audit.log type=AVC msg=audit(1515657259.550:620585): avc: denied { open } for pid=8358 comm="sudo" path="/run/utmp" dev="tmpfs" ino=11643 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=1 ... > audit2allow < /var/log/audit/audit.log #============= nagios_t ============== allow nagios_t initrc_var_run_t:file open; ... > ls -Z /run/utmp system_u:object_r:initrc_var_run_t:s0 /run/utmp