(Reposting now that I'm subscribed)

I've created an RPM package of syslog-ng that installs the necessary SELinux module to work on RHEL5. This is not creating a whole new SELinux domain for syslog-ng (like I expect the reference policy to do), but rather a small extension of the RHEL5-provided syslogd domain to allow syslogd_t to open /dev/kmsg, 514/tcp and create some files under /var.

http://tanso.net/yum/repodata/repoview/syslog-ng-0-2.0.3-1.el5.html
http://tanso.net/selinux/

The SELinux rules installed by this RPM are at http://tanso.net/selinux/syslog_ng.te and can be installed separately by saving that file to /root/syslog_ng.te and running:

    checkmodule -M -m -o syslog_ng.mod syslog_ng.te
    semodule_package -o syslog_ng.pp -m syslog_ng.mod
    restorecon ./syslog_ng.pp
    semodule -i ./syslog_ng.pp

It can later be removed by "semodule --remove=syslog_ng".

-jf