Bug 727550
| Summary: | selinux prevents rsyslog to log messages into mysql db | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Karel Srot <ksrot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.7 | CC: | dwalsh |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-23 13:21:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 722536 *** |
Description of problem: I have set up rsyslog to use ommysql.so module to store log messages in mysql database. Because of selinux the message was not logged into mysql db This AVC appeared in enforcing mode: type=SYSCALL msg=audit(1312288751.971:51): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=40f19c40 a2=6e a3=0 items=0 ppid=1 pid=11785 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null) type=AVC msg=audit(1312288751.971:51): avc: denied { search } for pid=11785 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir These AVCs appeared in permissive mode: time->Tue Aug 2 08:39:11 2011 type=SYSCALL msg=audit(1312288751.971:51): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=40f19c40 a2=6e a3=0 items=0 ppid=1 pid=11785 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null) type=AVC msg=audit(1312288751.971:51): avc: denied { search } for pid=11785 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir ---- time->Tue Aug 2 08:39:59 2011 type=SYSCALL msg=audit(1312288799.261:54): arch=c000003e syscall=42 success=yes exit=0 a0=a a1=41bc2c40 a2=6e a3=0 items=0 ppid=1 pid=12410 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null) type=AVC msg=audit(1312288799.261:54): avc: denied { connectto } for pid=12410 comm="rsyslogd" path="/var/lib/mysql/mysql.sock" scontext=root:system_r:syslogd_t:s0 tcontext=root:system_r:mysqld_t:s0 tclass=unix_stream_socket type=AVC msg=audit(1312288799.261:54): avc: denied { write } for pid=12410 comm="rsyslogd" name="mysql.sock" dev=dm-0 ino=97812737 scontext=root:system_r:syslogd_t:s0 tcontext=root:object_r:mysqld_var_run_t:s0 tclass=sock_file type=AVC msg=audit(1312288799.261:54): avc: denied { search } for pid=12410 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir module generated from these AVC fixed the problem for me module mymod 1.0; require { type syslogd_t; type mysqld_t; type mysqld_var_run_t; type mysqld_db_t; class sock_file write; class unix_stream_socket connectto; class dir search; } #============= syslogd_t ============== allow syslogd_t mysqld_db_t:dir search; allow syslogd_t mysqld_t:unix_stream_socket connectto; allow syslogd_t mysqld_var_run_t:sock_file write; Version-Release number of selected component (if applicable): selinux-policy-2.4.6-316.el5 How reproducible: always Steps to Reproduce: 1. config rsyslog to log into mysql db Actual results: no logs in mysql db Expected results: logs in mysql db Additional info: