Bug 229599
Summary: | syslogd_disable_trans=1 labels /dev/log as device_t | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Friedman <steve> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED WONTFIX | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-22 17:27:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steve Friedman
2007-02-21 23:07:47 UTC
Yes this is one of the risks of disable_trans. In the future we want to remove disable_trans and add a run_unconfined boolean. Disableing trans on syslog will cause most of the other confined domains to blow up since the /dev/log will be mislabeled. If there are missing rules required to get syslog to run in enforcing mode, you can use audit2allow to generate custom policy. |