<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html><head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

    <meta name="generator" content="Osso Notes">

    <title></title></head>

<body>

<p>hi,

<br>

<br>I'm not an selinux expert, but var_run_t is strange as a type in a directory under /var/log. So I would agree with this change.

<br>

<br>but I guess it's the builtin policy, so you'd probably need to file a ticket against selinux-policy to have it fixed.

<br>

<br>----- Original message -----

<br>&gt; Hi,

<br>&gt; 

<br>&gt; I'm having some trouble with selinux blocking syslog-ng from creating 

<br>&gt; directories

<br>&gt; 

<br>&gt; type=1400 audit(1361437595.431:297527809): avc:&nbsp; &#32;denied&nbsp; &#32;{ create } for&nbsp; &#32;

<br>&gt; pid=2835 comm="syslog-ng" name="21" 

<br>&gt; scontext=system_u:system_r:syslogd_t:s0 

<br>&gt; tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir

<br>&gt; printk: 512913 messages suppressed.

<br>&gt; 

<br>&gt; There is a line which seems to define this context in:

<br>&gt; /etc/selinux/targeted/contexts/files/file_contexts

<br>&gt; 

<br>&gt; /var/log/syslog-ng(/.*)? system_u:object_r:syslogd_var_run_t:s0

<br>&gt; 

<br>&gt; 

<br>&gt; If I manually change the context to&nbsp; &#32;var_log_t&nbsp; &nbsp; &#32;as per: /var/log/.*&nbsp; &nbsp; &nbsp; &nbsp; &#32;

<br>&gt; system_u:object_r:var_log_t:s0

<br>&gt; 

<br>&gt; then it creates the directory successfully.

<br>&gt; 

<br>&gt; I believe the policy configuration is standard and undoctored so believe 

<br>&gt; there could be a problem with it?&nbsp; &nbsp; &#32;Does anyone have a similar 

<br>&gt; environment or some knowledge on this?

<br>&gt; 

<br>&gt; greets

<br>&gt; -Stu

<br>&gt; 

<br>&gt; 

<br>&gt; 

<br>&gt; 

<br>&gt; ______________________________________________________________________________

<br>&gt; Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>

<br>&gt; Documentation:

<br>&gt; <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a> FAQ:

<br>&gt; <a href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>

<br>&gt; 

<br><br></p>

</body>

</html>