On Sun, 2007-05-20 at 16:45 +0200, Jan-Frode Myklebust wrote:
Here's a small patch adding a small SELinux module that makes it possible to run syslog-ng on RHEL5 with SELinux in default enforcing mode.
Thanks for your contribution.
diff --git a/contrib/rhel-packaging/syslog_ng.te.README b/contrib/rhel-packaging/syslog_ng.te.README new file mode 100644 index 0000000..df316a1 --- /dev/null +++ b/contrib/rhel-packaging/syslog_ng.te.README @@ -0,0 +1,14 @@ +"syslog_ng.te" is the necessary selinux module to allow syslog-ng +running on RHEL5 (with selinux in default enforcing mode). It's +necessary for up for letting the syslogd_t domain access /proc/kmsg, +listen on 514/tcp and write /var/syslog-ng.persist.
/var/syslog-ng.persist should rather be created in /var/lib/syslog-ng/syslog-ng.persist. It's a packaging problem if it isn't. (Previously no files were used in localstatedir; that's the reason it is unspecified in packaging files.)
+ +To build and load it, execute: + + checkmodule -M -m -o syslog_ng.mod syslog_ng.te + semodule_package -o syslog_ng.pp -m syslog_ng.mod + semodule -i ./syslog_ng.pp + +The module can be removed from the system by executing: + + semodule --remove=syslog_ng
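Review bot: The README's first paragraph has a garbled sentence, "It's necessary for up for letting the syslogd_t domain access /proc/kmsg"; something like "It is needed to let the syslogd_t domain access /proc/kmsg" would read correctly. The same sentence documents write access to /var/syslog-ng.persist, a file directly under /var. Since the reply says the persist file belongs in /var/lib/syslog-ng/, the README (and the matching rule in syslog_ng.te, which is not visible in this hunk) should name that path so the grant stays scoped to syslog-ng's own directory. It would also help to say that the three permissions are given to the syslogd_t domain as a whole, so they apply to any daemon running in that domain, and to follow "semodule -i ./syslog_ng.pp" with a check that the module is loaded, for example by listing modules with semodule -l.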
-- Bazsi