Bug 119366 - Syslog is not able to log to remote server under SELinux.
Summary: Syslog is not able to log to remote server under SELinux.
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard: triage|leonardjo|closed|rawhide
Keywords:
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
 
Reported: 2004-03-29 21:55 UTC by Konstantin Ryabitsev
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2004-05-10 17:45:03 UTC


Attachments (Terms of Use)

Description Konstantin Ryabitsev 2004-03-29 21:55:02 UTC
Description of problem:
SELinux enforcement disables remote server logging for syslog,
creating the following entries in messages:

Mar 29 13:25:56 hagrid kernel: audit(1080584756.667:0): avc:  denied 
{ name_bind } for  pid=3162 exe=/sbin/syslogd src=832
scontext=root:system_r:syslogd_t tcontext=system_u:object_r:port_t
tclass=udp_socket

It looks like the default policy should allow this, as remote logging
is used quite often.

Version-Release number of selected component (if applicable):
sysklogd-1.4.1-14

Comment 1 Konstantin Ryabitsev 2004-03-30 20:36:18 UTC
Adding the following to
/etc/security/selinux/src/policy/domains/program/syslogd.te fixes the
issue and allows both sending logs to remote server and accepting
remote logs.

# Allow name_bind for remote logging
allow syslogd_t port_t:{ tcp_socket udp_socket } name_bind;

tcp_socket can be used by syslog_ng, afair.

Comment 2 Daniel Walsh 2004-05-06 17:50:15 UTC
Fixed in policy-1.11.3-2.src.rpm


Note You need to log in before you can comment on or make changes to this bug.