Description of problem: SELinux enforcement disables remote server logging for syslog, creating the following entries in messages: Mar 29 13:25:56 hagrid kernel: audit(1080584756.667:0): avc: denied { name_bind } for pid=3162 exe=/sbin/syslogd src=832 scontext=root:system_r:syslogd_t tcontext=system_u:object_r:port_t tclass=udp_socket It looks like the default policy should allow this, as remote logging is used quite often. Version-Release number of selected component (if applicable): sysklogd-1.4.1-14
Adding the following to /etc/security/selinux/src/policy/domains/program/syslogd.te fixes the issue and allows both sending logs to remote server and accepting remote logs. # Allow name_bind for remote logging allow syslogd_t port_t:{ tcp_socket udp_socket } name_bind; tcp_socket can be used by syslog_ng, afair.
Fixed in policy-1.11.3-2.src.rpm