[syslog-ng] syslog-ng and selinux

Balazs Scheidler bazsi at balabit.hu
Sun Dec 25 14:18:58 CET 2005

On Sun, 2005-12-25 at 12:31 +0100, Ronny Vaningh wrote:
> I just installed syslog-ng 1.6.9 on a centos 4.2 machine and syslog-ng 
> doesnt start even after setting setsebool -P use_syslogng=1
> I still get the error
> Starting system logger: Error opening file /proc/kmsg for reading 
> (Permission denied)
> However it seems that syslog-ng tries to write to /prc/kmsg instead of 
> reading it
> type=AVC msg=audit(1135510199.139:26): avc:  denied  { write } for 
> pid=11942 comm="syslog-ng" name="kmsg" dev=proc ino=-268435446 
> scontext=root:system_r:syslogd_t tcontext=system_u:object_r:proc_kmsg_t 
> tclass=file
> I'm a little bit puzzled why syslog-ng tries to write to /proc/kmsg 
> instead of just reading messages of it.
> I can off course change the policy to allow writing but I feel that I 
> must be doing something wrong here

you are probably using pipe("/proc/kmsg") and not file("/proc/kmsg").
Albeit pipe is more or less equivalent to file(), one difference is that
pipes are opened in read-write mode (so that it always has a writer even
if noone opened the pipe for writing).


More information about the syslog-ng mailing list