After reloading the policy (semodule -B), the audit logs (and dmesg) are flooded with:
"""
[ 331.491062] type=1401 audit(1356856723.741:86): selinux_audit_rule_match: stale rule
[ 331.491062]
"""
This keeps on coming until a reboot is done.

Reproducible: Always
I have the same with IMA in-kernel, but appraisal disabled through the command-line (ima_appraise=off) and IMA auditing off (ima_audit=0)
This is a bug in the kernel, see https://sourceforge.net/mailarchive/forum.php?thread_name=1357559987.3216.35.camel%40falcor&forum_name=linux-ima-user
Fixed with the patch mentioned, waiting until it is upstreamed
Has been committed to the main kernel tree in January, but needed an additional fix that is now in 3.4+ kernels.