Whenever tcpdump fills a savefile to capacity (-C option) and tries to open a new one, I get the following AVC denial: kernel: audit(1204485464.409:106): avc: denied { search } for pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 t context=system_u:object_r:default_t:s0 tclass=dir Any suggestions as the the proper fix to make this work? The target directory for the savefiles has context system_u:object_r:netutils_tmp_t, and I get no complaints about that directory or its files. I have no idea what tcpdump might be searching for in the root directory or, for that matter, why search permission in a default_t directory should be denied. System: CentOS 5.1 selinux-policy-targeted-2.4.6-106.el5_1.3 kernel-2.6.18-53.1.13.el5 tcpdump-3.9.4-11.el5 -rwxr-xr-x root root system_u:object_r:netutils_exec_t /usr/sbin/tcpdump -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.