[syslog-ng] syslog-ng selinux context Centos 5.9 (RHEL5)
Balazs Scheidler
bazsi77 at gmail.com
Thu Feb 21 21:52:18 CET 2013
hi,
I'm not an selinux expert, but var_run_t is strange as a type in a directory under /var/log. So I would agree with this change.
but I guess it's the builtin policy, so you'd probably need to file a ticket against selinux-policy to have it fixed.
----- Original message -----
> Hi,
>
> I'm having some trouble with selinux blocking syslog-ng from creating
> directories
>
> type=1400 audit(1361437595.431:297527809): avc: denied { create } for
> pid=2835 comm="syslog-ng" name="21"
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir
> printk: 512913 messages suppressed.
>
> There is a line which seems to define this context in:
> /etc/selinux/targeted/contexts/files/file_contexts
>
> /var/log/syslog-ng(/.*)? system_u:object_r:syslogd_var_run_t:s0
>
>
> If I manually change the context to var_log_t as per: /var/log/.*
> system_u:object_r:var_log_t:s0
>
> then it creates the directory successfully.
>
> I believe the policy configuration is standard and undoctored so believe
> there could be a problem with it? Does anyone have a similar
> environment or some knowledge on this?
>
> greets
> -Stu
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130221/d2cac777/attachment.htm
More information about the syslog-ng
mailing list