I recently installed syslog-ng successfully on a FC3-SELinux enabled box. Everything is fine except that: # service syslog-ng status syslog-ng dead but subsys locked # ls --context /var/lock/subsys/syslog-ng -rw------- root root root:object_r:var_lock_t syslog-ng The root:object_r:var_lock_t should have been user_u:object_r:var_lock_t, and that is what is causing syslog-ng daemon to die. Also, the file permissions generally are 666. One easy way is to switch off SELinux for syslog-ng, but is there a better way?? Why are the permissions wrong?? ---- Anand Shankar
Anand, Which SELinux policy are you using: targeted or strict? If you are using the targeted policy, check this message: https://lists.balabit.hu/pipermail/syslog-ng/2005-April/007347.html jpo Anand Shankar wrote:
I recently installed syslog-ng successfully on a FC3-SELinux enabled box. Everything is fine except that:
# service syslog-ng status
syslog-ng dead but subsys locked
# ls --context /var/lock/subsys/syslog-ng
-rw------- root root root:object_r:var_lock_t syslog-ng
The root:object_r:var_lock_t should have been user_u:object_r:var_lock_t, and that is what is causing syslog-ng daemon to die. Also, the file permissions generally are 666.
One easy way is to switch off SELinux for syslog-ng, but is there a better way?? Why are the permissions wrong??
-- José Pedro Oliveira * mailto: jpo@di.uminho.pt * http://gsd.di.uminho.pt/~jpo * * gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *
Anand Shankar wrote:
I recently installed syslog-ng successfully on a FC3-SELinux enabled box. Everything is fine except that:
# service syslog-ng status
syslog-ng dead but subsys locked
# ls --context /var/lock/subsys/syslog-ng
-rw------- root root root:object_r:var_lock_t syslog-ng
The root:object_r:var_lock_t should have been user_u:object_r:var_lock_t, and that is what is causing syslog-ng daemon to die. Also, the file permissions generally are 666.
One easy way is to switch off SELinux for syslog-ng, but is there a better way?? Why are the permissions wrong??
----
Anand Shankar _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Check the context of the file the error is telling you that the file is in the root context and should be user_u. look at the command chcon to fix this. Zeb
On Thu, 12 May 2005 20:37:21 CDT, Zeb Fletcher said:
-rw------- root root root:object_r:var_lock_t syslog-ng
The root:object_r:var_lock_t should have been user_u:object_r:var_lock_t, and that is what is causing syslog-ng daemon to die. Also, the file permissions generally are 666.
Check the context of the file the error is telling you that the file is in the root context and should be user_u. look at the command chcon to fix this.
If you're using the 'strict' policy from FC4, then it should be system_u:object_r:var_lock_t for /var/lock/subsys/* The 'targeted' policy from RHEL4 doesn't seem to care if it's root: or user_u: but the file_contexts file wants to relabel it as system_u: anyhow - /var/lock(/.*)? system_u:object_r:var_lock_t (Same for both FC4 'strict' and RHEL4 'targeted' (which is almost the same as the FC3 'targeted'). (And if you're crazy enough to be using the MLS policy, it is: /var/lock(/.*)? system_u:object_r:var_lock_t:s0
participants (4)
-
Anand Shankar
-
José Pedro Oliveira
-
Valdis.Kletnieks@vt.edu
-
Zeb Fletcher