[syslog-ng]Fedora Core 3, SELinux, and syslog-ng
Zeb Fletcher
syslog-ng@lists.balabit.hu
Sat, 05 Mar 2005 07:21:53 -0600
Mike Pepe wrote:
> I'm wondering if anyone knows the magic incantation you need in order
> to make FC3 with selinux turned on to like syslog-ng.
>
> it won't let syslog-ng access /proc/kmesg and therefore prevents it
> from working.
>
> If I turn off selinux, of course, it works fine.
>
> This selinux stuff is nice, but hard to figure out!
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
A little off topic but you might want to look at audt2allow a nice tool
that reads error messages sent by the kernel to help in building the
proper ruleset. You will find more places than not where SELinux will
deny you on things that your use to getting done. Also check out "chcon"
as your files will need to be in the proper context as well to allow
access.
Zeb