On Thu, 2005-03-03 at 10:50, Mike Pepe wrote:
I'm wondering if anyone knows the magic incantation you need in order to make FC3 with selinux turned on to like syslog-ng.
it won't let syslog-ng access /proc/kmesg and therefore prevents it from working.
If I turn off selinux, of course, it works fine.
This selinux stuff is nice, but hard to figure out!
You need to have the source policy installed then you add this to local.te and rebuild. #To allow for /proc/kmsg allow syslogd_t proc_kmsg_t:file write; allow syslogd_t self:capability sys_admin; allow syslogd_t self:capability chown; [I submitted this a bug to Fedora but of course since syslog-ng is not an release package they don't care]
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net