[syslog-ng] syslog-ng and selinux
Balazs Scheidler
bazsi at balabit.hu
Sun Dec 25 14:18:58 CET 2005
On Sun, 2005-12-25 at 12:31 +0100, Ronny Vaningh wrote:
> I just installed syslog-ng 1.6.9 on a centos 4.2 machine and syslog-ng
> doesnt start even after setting setsebool -P use_syslogng=1
>
> I still get the error
>
> Starting system logger: Error opening file /proc/kmsg for reading
> (Permission denied)
>
>
> However it seems that syslog-ng tries to write to /prc/kmsg instead of
> reading it
>
> type=AVC msg=audit(1135510199.139:26): avc: denied { write } for
> pid=11942 comm="syslog-ng" name="kmsg" dev=proc ino=-268435446
> scontext=root:system_r:syslogd_t tcontext=system_u:object_r:proc_kmsg_t
> tclass=file
>
>
> I'm a little bit puzzled why syslog-ng tries to write to /proc/kmsg
> instead of just reading messages of it.
>
>
> I can off course change the policy to allow writing but I feel that I
> must be doing something wrong here
you are probably using pipe("/proc/kmsg") and not file("/proc/kmsg").
Albeit pipe is more or less equivalent to file(), one difference is that
pipes are opened in read-write mode (so that it always has a writer even
if noone opened the pipe for writing).
--
Bazsi
More information about the syslog-ng
mailing list