SELinux - allowing rsyslog open/read access to some files
4
votes
3
answers
12114
views
So I've got three files I need rsyslog to open in order to forward the entries to another server. SELinux is preventing this with the following error:
type=AVC msg=audit(1371186588.768:1324460): avc: denied { open } for pid=3714 comm="rsyslogd" name="named.debug.log" dev=dm-0 ino=1180551 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:named_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1371186588.768:1324460): arch=c000003e syscall=2 success=no exit=-13 a0=7fb254001b30 a1=80100 a2=180 a3=2e67756265642e64 items=0 ppid=1 pid=3714 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7926 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
Running this through audit2allow, I get the following:
module rsysloglocal 1.0;
require {
type named_cache_t;
type syslogd_t;
class file { read write };
}
#============= syslogd_t ==============
allow syslogd_t named_cache_t:file { read write };
Unfortunately, this doesn't work. I'm still getting the message above from SELinux.
The files I need to watch with rsyslog are in /var/named/data/log/, which is why SELinux is referencing the named_cache_t thing (I think).
Any thoughts?
Edit: semodule -l output:
abrt 1.2.0
accountsd 1.0.0
ada 1.4.0
afs 1.5.3
aiccu 1.0.0
aide 1.5.0
aisexec 1.0.0
amanda 1.12.0
amavis 1.10.3
amtu 1.2.0
apache 2.1.2
apcupsd 1.6.1
arpwatch 1.8.1
asterisk 1.7.1
audioentropy 1.6.0
automount 1.12.1
avahi 1.11.2
awstats 1.2.0
bind 1.10.2
bitlbee 1.2.1
bluetooth 3.2.2
boinc 1.0.0
bugzilla 1.0
cachefilesd 1.0.17
calamaris 1.5.1
canna 1.10.0
ccs 1.4.1
cdrecord 2.2.1
certmaster 1.0.2
certmonger 1.0.0
certwatch 1.5.0
cfengine 1.0.0
cgroup 1.0.0
chrome 1.0.0
chronyd 1.0.1
cipe 1.5.0
clamav 1.7.1
clogd 1.0.0
cloudform 1.0
cmirrord 1.0.0
cobbler 1.1.0
comsat 1.7.0
condor 1.0.0
consolekit 1.5.1
corosync 1.0.0
courier 1.8.1
cpufreqselector 1.1.0
ctdbd 1.0.0
cups 1.13.0
cvs 1.8.0
cyphesis 1.2.0
cyrus 1.9.1
daemontools 1.2.0
dbskk 1.5.0
dcc 1.8.2
denyhosts 1.0.0
devicekit 1.0.0
dhcp 1.8.1
dictd 1.7.0
dirsrv-admin 1.0.0
dirsrv 1.0.0
dnsmasq 1.8.1
dovecot 1.11.1
drbd 1.0.0
ethereal 2.0.0
execmem 1.0.0
exim 1.4.2
fail2ban 1.3.2
fcoemon 1.0.0
fetchmail 1.9.2
finger 1.9.0
firewallgui 1.0.0
fprintd 1.0.1
ftp 1.11.0
games 2.1.0
git 1.0.3
gitosis 1.0.1
glance 1.0.0
gnome 2.0.0
gnomeclock 1.0.0
gpg 2.2.1
gpm 1.7.1
gpsd 1.0.2
guest 1.0.1
hal 1.12.1
hddtemp 1.0.0
howl 1.8.1
icecast 1.0.0
inn 1.9.0
ipsec 1.10.2
irc 2.1.0
iscsi 1.6.2
jabber 1.8.0
java 2.2.1
kdump 1.0.1
kdumpgui 1.0.0
kerberos 1.10.2
kerneloops 1.3.1
keystone 1.0.0
kismet 1.4.2
ksmtuned 1.0.0
ktalk 1.7.1
ldap 1.10.0
likewise 1.0.0
lircd 1.0.1
livecd 1.0.0
lldpad 1.0.0
lockdev 1.3.0
logadm 1.0.0
lpd 1.12.0
mailman 1.7.2
matahari 1.0.0
mediawiki 1.0.0
memcached 1.1.2
milter 1.1.1
modemmanager 1.0.1
mono 1.6.1
mozilla 2.1.1
mpd 1.0.0
mplayer 2.1.0
mrtg 1.8.0
munin 1.7.0
mysql 1.11.3
nagios 1.8.0
namespace 1.0.0
ncftool 1.0.0
netlabel 1.3.0
nis 1.10.0
nova 1.0.0
nslcd 1.0.1
nsplugin 1.0.0
ntop 1.8.1
ntp 1.9.1
nut 1.0.1
nx 1.4.0
oddjob 1.7.0
openct 1.4.0
openoffice 1.0.0
openvpn 1.9.1
pads 1.0.0
passenger 1.0.0
pcscd 1.5.2
pegasus 1.8.0
permissivedomains 1.0.0
pingd 1.0.0
piranha 1.0.0
plymouthd 1.0.0
podsleuth 1.2.1
policykit 1.1.0
portmap 1.9.0
portreserve 1.1.1
postfix 1.11.0
postgresql 1.12.1
postgrey 1.7.0
ppp 1.11.2
prelude 1.1.2
privoxy 1.9.1
procmail 1.11.0
psad 1.0.0
ptchown 1.0.1
publicfile 1.1.0
pulseaudio 1.1.2
puppet 1.0.0
pyzor 2.1.0
qemu 1.3.2
qmail 1.5.0
qpidd 1.0.0
quantum 1.0.0
radius 1.11.0
radvd 1.11.2
razor 2.1.0
rdisc 1.7.1
remotelogin 1.7.0
rgmanager 1.0.0
rhcs 1.1.0
rhev 1.0
rhgb 1.9.0
rhsmcertd 1.0.0
ricci 1.6.0
rlogin 1.9.0
roundup 1.7.0
rpcbind 1.4.1
rshd 1.7.0
rssh 2.0.0
rsync 1.9.1
rsysloglocal 1.0
rtkit 1.0.1
rwho 1.6.0
samba 1.12.0
sambagui 1.0.0
sandbox 1.0.0
sanlock 1.0.0
sasl 1.12.1
sblim 1.0.0
screen 2.2.2
sectoolm 1.0.0
seunshare 1.1.0
sge 1.0.0
shutdown 1.0.0
slocate 1.9.0
smartmon 1.9.1
smokeping 1.0.0
smoltclient 1.0.0
snmp 1.10.2
snort 1.8.1
sosreport 1.0.0
soundserver 1.8.0
spamassassin 2.2.0
squid 1.9.0
sssd 1.0.2
staff 2.0.1
stunnel 1.9.0
sysadm_secadm 1.0.0
sysstat 1.5.1
tcpd 1.4.0
telepathy 1.0.0
telnet 1.9.1
tftp 1.12.0
tgtd 1.0.1
tmpreaper 1.4.0
tor 1.6.1
tuned 1.0.1
tvtime 2.0.0
ulogd 1.1.0
uml 2.1.0
unconfined 3.1.1
unconfineduser 1.0.0
unlabelednet 1.0
unprivuser 2.0.1
usbmodules 1.2.0
usbmuxd 1.0.0
userhelper 1.5.0
usernetctl 1.5.0
uucp 1.10.2
uuidd 1.0.0
varnishd 1.1.0
vdagent 1.0.0
vhostmd 1.0.0
virt 1.4.0
vmware 2.2.0
vpn 1.12.0
w3c 1.0.0
wdmd 1.0.0
webadm 1.1.0
webalizer 1.10.0
wine 1.6.1
xen 1.9.2
xfs 1.6.0
xguest 1.0.1
zabbix 1.2.0
zarafa 1.0.0
zebra 1.10.1
zosremote 1.1.0
Edit 2: I've also tried this using only read permissions (allow syslogd_t named_cache_t:file read;) rather than read / write. No dice.
Asked by MikeH
(39 rep)
Jun 14, 2013, 05:14 AM
Last activity: Apr 25, 2025, 02:02 AM
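An added example (editor's code, not part of the question or any answer) that works through the mismatch visible in the post: the AVC line says `denied { open }`, but the module grants `{ read write }` on `named_cache_t`, and `open` is a separate file permission that a rule must list explicitly. The script below parses AVC lines, checks whether a given `allow` rule actually covers every permission a denial asks for, and generates a `.te` module that does. The first sample line is the one quoted in the question; the second is a constructed follow-on `read` denial, included only so the generator has more than one permission to merge. Names such as `rsysloglocal` and the version string are taken from the post; everything else is an assumption for illustration.

```python
"""Check an SELinux allow rule against the AVC denials it is meant to fix.

Added example, not code from the original page. Sample inputs are embedded
below and labelled; the first AVC line is quoted from the question, the
second is constructed.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input. AVC_LINES[0] is the denial quoted in the question;
# AVC_LINES[1] is a made-up follow-on 'read' denial for the same file.
AVC_LINES = [
    'type=AVC msg=audit(1371186588.768:1324460): avc: denied { open } for pid=3714 '
    'comm="rsyslogd" name="named.debug.log" dev=dm-0 ino=1180551 '
    'scontext=unconfined_u:system_r:syslogd_t:s0 '
    'tcontext=unconfined_u:object_r:named_cache_t:s0 tclass=file',
    'type=AVC msg=audit(1371186600.100:1324470): avc: denied { read } for pid=3714 '
    'comm="rsyslogd" name="named.debug.log" dev=dm-0 ino=1180551 '
    'scontext=unconfined_u:system_r:syslogd_t:s0 '
    'tcontext=unconfined_u:object_r:named_cache_t:s0 tclass=file',
]

# The rule the question's audit2allow output produced.
POSTED_RULE = "allow syslogd_t named_cache_t:file { read write };"

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<source>\S+)\s+(?P<target>[^:\s]+):(?P<tclass>\S+)\s+"
    r"(?P<perms>\{[^}]*\}|\S+?)\s*;"
)

Denial = Dict[str, object]


def parse_avc(line: str) -> Optional[Denial]:
    """Extract (source type, target type, class, denied perms) from one AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Context is user:role:type:level; the type is the third field.
    return {
        "source": m["scontext"].split(":")[2],
        "target": m["tcontext"].split(":")[2],
        "tclass": m["tclass"],
        "perms": set(m["perms"].split()),
    }


def parse_allow(rule: str) -> Denial:
    """Parse a TE 'allow src tgt:class { perms };' statement into the same shape."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"not an allow rule: {rule!r}")
    perms = m["perms"].strip("{}").split()
    return {"source": m["source"], "target": m["target"],
            "tclass": m["tclass"], "perms": set(perms)}


def uncovered(denial: Denial, rules: List[Denial]) -> Set[str]:
    """Return the denied permissions that none of the rules grants.

    A rule only counts if source type, target type and object class all match;
    'read' does not imply 'open', so each permission must appear literally.
    """
    key = (denial["source"], denial["target"], denial["tclass"])
    granted: Set[str] = set()
    for r in rules:
        if (r["source"], r["target"], r["tclass"]) == key:
            granted |= r["perms"]
    return denial["perms"] - granted


def generate_te(denials: List[Denial], module: str = "rsysloglocal",
                version: str = "1.1") -> str:
    """Merge denials per (source, target, class) and emit a minimal .te module."""
    merged: Dict[Tuple[str, str, str], Set[str]] = {}
    for d in denials:
        merged.setdefault((d["source"], d["target"], d["tclass"]), set()).update(d["perms"])
    types = sorted({t for key in merged for t in key[:2]})
    classes: Dict[str, Set[str]] = {}
    for (_, _, c), perms in merged.items():
        classes.setdefault(c, set()).update(perms)
    lines = [f"module {module} {version};", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    lines += ["}", ""]
    for (s, t, c), perms in sorted(merged.items()):
        lines.append(f"allow {s} {t}:{c} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(lines) + "\n"


def rules_from_te(te_text: str) -> List[Denial]:
    """Pull every allow statement out of module text so it can be re-checked."""
    return [parse_allow(l) for l in te_text.splitlines() if l.lstrip().startswith("allow ")]


def main() -> None:
    denials = [d for d in map(parse_avc, AVC_LINES) if d]
    for d in denials:
        missing = uncovered(d, [parse_allow(POSTED_RULE)])
        print(f"posted rule vs denied {sorted(d['perms'])}: still missing {sorted(missing)}")
    te = generate_te(denials)
    print(te)
    assert all(not uncovered(d, rules_from_te(te)) for d in denials)


if __name__ == "__main__":
    main()
```

Run against the posted rule, the check reports that `open` is still missing, which is why reloading the module changes nothing; the generated module lists `{ open read }` instead. Before widening `syslogd_t`'s reach into `named_cache_t` at all, it is worth checking with `sesearch` whether a log type `syslogd_t` can already read exists in the loaded policy, in which case relabelling the directory with `semanage fcontext` and `restorecon` is the smaller change.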