Description of problem: SELinux is preventing syslog-ng from 'unlink' accesses on the lnk_file log. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that syslog-ng should be allowed unlink access on the log lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep syslog-ng /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context system_u:object_r:devlog_t:s0 Target Objects log [ lnk_file ] Source syslog-ng Source Path syslog-ng Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.19.3-200.fc21.x86_64 #1 SMP Thu Mar 26 21:39:42 UTC 2015 x86_64 x86_64 Alert Count 5 First Seen 2015-04-11 10:31:03 CDT Last Seen 2015-04-11 10:31:03 CDT Local ID 35735ee5-dac7-43bd-82bc-8c0e364cbb86 Raw Audit Messages type=AVC msg=audit(1428766263.958:3644): avc: denied { unlink } for pid=32189 comm="syslog-ng" name="log" dev="devtmpfs" ino=10360 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=lnk_file permissive=0 Hash: syslog-ng,syslogd_t,devlog_t,lnk_file,unlink Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
commit 3678200a5f4713531345f85522262f985ba337ee Author: Lukas Vrabec <lvrabec> Date: Thu Apr 16 21:09:04 2015 +0200 Allow syslogd_t to manage devlog_t lnk files. BZ(1210968)
selinux-policy-3.13.1-105.18.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.18.fc21
Package selinux-policy-3.13.1-105.18.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.18.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10708/selinux-policy-3.13.1-105.18.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.19.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.19.fc21
selinux-policy-3.13.1-105.19.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.