Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 236017 - syslog-ng >= 2.0 needs additional selinux rules for syslog-ng.persist
Summary: syslog-ng >= 2.0 needs additional selinux rules for syslog-ng.persist
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-11 15:17 UTC by Peter Bieringer
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-21 13:24:20 UTC


Attachments (Terms of Use)

Description Peter Bieringer 2007-04-11 15:17:24 UTC
Description of problem:

syslog-ng >= 2.0 uses as persist file for storing some information. It's not
proper documented at the moment but also can't be disabled.

Following ruleset would help:

# syslog-ng >= 2.0
allow syslogd_t var_t:dir { write add_name read };
allow syslogd_t var_t:file { create read write getattr };


An additional one-time event on restart during update isn't catched, but I don't
know the reason at all. Further restart do not show such messages again - so
perhaps an issue of the old installed version.

Apr 11 17:11:44 s audit(1176304304.525:3018): avc:  denied  { read } for 
pid=19775 comm="syslog-ng" name="[14436979]" dev=pipefs ino=14436979
scontext=root:system_r:syslogd_t tcontext=root:system_r:unconfined_t
tclass=fifo_file
Apr 11 17:11:44 s audit(1176304304.541:3019): avc:  denied  { read } for 
pid=19777 comm="syslog-ng" name="[14436979]" dev=pipefs ino=14436979
scontext=root:system_r:syslogd_t tcontext=root:system_r:unconfined_t
tclass=fifo_file

Comment 1 Daniel Walsh 2007-05-17 15:49:54 UTC
Sorry I seem to have lost this bugzilla, some where along the way.  What is the
path to the persists file?  We need a new context for it.

Comment 2 Peter Bieringer 2007-05-17 15:52:46 UTC
File is: /var/state/syslog-ng/syslog-ng.persist

Comment 3 Daniel Walsh 2007-05-17 18:23:58 UTC
Easiest fix is to chcon -R -t syslogd_var_run_t /var/state/syslog-ng

Looking at FC7 I do not see this file.  Is this something that has been removed?

Comment 4 Peter Bieringer 2007-05-17 18:32:20 UTC
syslog-ng for RHEL4 is from silfreed.net repository:
http://www.silfreed.net/download/repo/rhel/4/$basearch/silfreednet
The location of the file can be specified during configure, default was
/var/syslog-ng.persist (which is a very bad location), so I suggested 
silfreed.net maintainer to change this to a better location, currently
/var/state/syslog-ng/syslog-ng.persist - I don't know which location FC7 spec
specifies.

Comment 5 Daniel Walsh 2007-06-21 13:24:20 UTC
This is fixed in the upstream and there are workarounds so I am closing.


Note You need to log in before you can comment on or make changes to this bug.