[syslog-ng]Fedora Core 3, SELinux, and syslog-ng

[Mike Tremaine]

On Thu, 2005-03-03 at 10:50, Mike Pepe wrote:
> I'm wondering if anyone knows the magic incantation you need in order to 
> make FC3 with selinux turned on to like syslog-ng.
> 
> it won't let syslog-ng access /proc/kmesg and therefore prevents it from 
> working.
> 
> If I turn off selinux, of course, it works fine.
> 
> This selinux stuff is nice, but hard to figure out!
> 

You need to have the source policy installed then you add this to
local.te and rebuild.

#To allow for /proc/kmsg
allow syslogd_t proc_kmsg_t:file write;
allow syslogd_t self:capability sys_admin;
allow syslogd_t self:capability chown;

[I submitted this a bug to Fedora but of course since syslog-ng is not
an release package they don't care]

> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- 
Mike Tremaine
mgt@stellarcore.net
http://www.stellarcore.net