[syslog-ng] [PATCH] Added SElinux module for running syslog-ng on RHEL5.

Balazs Scheidler bazsi at balabit.hu
Mon May 21 18:37:03 CEST 2007


On Sun, 2007-05-20 at 16:45 +0200, Jan-Frode Myklebust wrote:
> Here's a small patch adding a small SElinux module that makes it
> possible to run syslog-ng on RHEL5 with SElinux in default enforcing
> mode.

Thanks for your contribution.

> diff --git a/contrib/rhel-packaging/syslog_ng.te.README b/contrib/rhel-packaging/syslog_ng.te.README
> new file mode 100644
> index 0000000..df316a1
> --- /dev/null
> +++ b/contrib/rhel-packaging/syslog_ng.te.README
> @@ -0,0 +1,14 @@
> +"syslog_ng.te" is the necessary selinux module to allow syslog-ng
> +running on RHEL5 (with selinux in default enforcing mode). It's
> +necessary for up for letting the syslogd_t domain access /proc/kmsg,
> +listen on 514/tcp and write /var/syslog-ng.persist.

/var/syslog-ng.persist should rather be created
in /var/lib/syslog-ng/syslog-ng.persist.

It's a packaging problem if it isn't. (Previously no files were used in
localstatedir; that's the reason it is unspecified in packaging files.)


> +
> +To build and load it, execute:
> +
> +	checkmodule -M -m -o syslog_ng.mod syslog_ng.te
> +	semodule_package -o syslog_ng.pp -m syslog_ng.mod
> +	semodule -i ./syslog_ng.pp
> +
> +The module can be removed from the system by executing:
> +
> +	semodule --remove=syslog_ng
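
Review bot: The third line of the README reads "It's necessary for up for letting the syslogd_t domain access /proc/kmsg", which is garbled; something like "It is needed to let the syslogd_t domain access /proc/kmsg, listen on 514/tcp and write /var/syslog-ng.persist" would read cleanly. The same sentence ties the documentation to the literal path /var/syslog-ng.persist, so if the persist file location changes the README and the module it describes need to be updated together. Since the text says the access is granted to the syslogd_t domain as a whole, it would also help to state that explicitly as a consequence, so an administrator loading syslog_ng.pp knows the three permissions are not limited to the syslog-ng binary.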



-- 
Bazsi


