Hi, I'm not an selinux expert, but var_run_t is strange as a type in a directory under /var/log. So I would agree with this change. But I guess it's the builtin policy, so you'd probably need to file a ticket against selinux-policy to have it fixed.
----- Original message -----
Hi,
I'm having some trouble with selinux blocking syslog-ng from creating directories:
type=1400 audit(1361437595.431:297527809): avc: denied { create } for pid=2835 comm="syslog-ng" name="21" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir
printk: 512913 messages suppressed.
There is a line which seems to define this context in: /etc/selinux/targeted/contexts/files/file_contexts
/var/log/syslog-ng(/.*)? system_u:object_r:syslogd_var_run_t:s0
If I manually change the context to var_log_t as per:
/var/log/.* system_u:object_r:var_log_t:s0
then it creates the directory successfully.
I believe the policy configuration is standard and undoctored, so I believe there could be a problem with it? Does anyone have a similar environment or some knowledge on this?
greets -Stu
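Added example, not part of either message above: a small Python check that parses the quoted AVC denial and shows which of the two quoted file_contexts entries assigns the type syslog-ng was denied on. SAMPLE_PATH is constructed (the thread gives only name="21"), and the function names are hypothetical.

```python
import re

# Values copied from the thread: the denial and the two file_contexts entries.
AVC = ('type=1400 audit(1361437595.431:297527809): avc: denied { create } for '
       'pid=2835 comm="syslog-ng" name="21" '
       'scontext=system_u:system_r:syslogd_t:s0 '
       'tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir')
FILE_CONTEXTS = """\
/var/log/.* system_u:object_r:var_log_t:s0
/var/log/syslog-ng(/.*)? system_u:object_r:syslogd_var_run_t:s0
"""
# Constructed path: the thread gives only the final component, name="21".
SAMPLE_PATH = "/var/log/syslog-ng/2013/02/21"


def parse_avc(line):
    """Split an AVC denial into permissions, key=value fields and context types."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC denial")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    for key in ("scontext", "tcontext"):
        # user:role:type:level -> keep the type, which type enforcement checks
        fields[key + "_type"] = fields[key].split(":")[2]
    return fields


def matching_specs(path, file_contexts):
    """Return (spec, type) for every entry whose anchored regex matches path."""
    hits = []
    for line in file_contexts.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#") or parts[-1] == "<<none>>":
            continue
        if re.fullmatch(parts[0], path):
            hits.append((parts[0], parts[-1].split(":")[2]))
    return hits


def explain(avc_line, path, file_contexts):
    """Pair the denial's target type with the entry that assigns that type."""
    avc = parse_avc(avc_line)
    source = [spec for spec, typ in matching_specs(path, file_contexts)
              if typ == avc["tcontext_type"]]
    return (avc["scontext_type"], avc["perms"], avc["tclass"],
            avc["tcontext_type"], source)


if __name__ == "__main__":
    print(explain(AVC, SAMPLE_PATH, FILE_CONTEXTS))
```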