Created attachment 1035659
/etc/rsyslog.d/elasticsearch.conf

Description of problem:
The package rsyslog-elasticsearch is broken out-of-the-box. rsyslog attempting to log to elasticsearch results in the following AVC denials if NIS_ENABLED is off:

Jun 6 10:50:11 geth01 audit: <audit-1400> avc: denied { name_connect } for pid=734 comm=72733A616374696F6E203120717565 dest=9200 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
Jun 6 10:50:11 geth01 audit: <audit-1400> avc: denied { name_connect } for pid=734 comm=72733A616374696F6E203120717565 dest=9200 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
Jun 6 10:50:11 geth01 audit: <audit-1400> avc: denied { name_connect } for pid=731 comm=72733A616374696F6E203120717565 dest=9200 scontext=system_u:system_r:syslogd_t:s0

Installation of the package rsyslog-elasticsearch should allow rsyslog to connect to elasticsearch's particular port, without opening rsyslog to all ports, and also without impacting other installed programs.

Version-Release number of selected component (if applicable):
Fedora 22 Server

$ dnf list elasticsearch rsyslog-elasticsearch rsyslog
Last metadata expiration check performed 0:06:09 ago on Sat Jun 6 12:05:59 2015.
Installed Packages
elasticsearch.noarch 1.5.2-0.fc22 @System
rsyslog.x86_64 8.8.0-2.fc22 @System
rsyslog-elasticsearch.x86_64 8.8.0-2.fc22 @System

How reproducible:
Very.

Steps to Reproduce:
1. Install elasticsearch and rsyslog-elasticsearch. I'm using a cluster of 2 machines, but that shouldn't matter.
2. Ensure the SELinux bool nis_enabled is off. This was the case without my intervention.
3. Configure rsyslog as per the attached configuration (separate file in /etc/rsyslog.d/)

Actual results:
AVC denials in /var/log/messages, no index created in elasticsearch.

Expected results:
Indices should be created in elasticsearch while messages are logged, AVC should not deny rsyslog's connections, nothing noteworthy should be logged in /var/log/messages. Note that if rsyslog-elasticsearch is not installed, rsyslog should not be allowed to connect to port 9200 (without nis_enabled being set), regardless of whether elasticsearch is installed.

Additional info:
- I'm using a bare-metal cluster of 2 computers for elasticsearch, both of which should be configured identically, courtesy of ansible.
- Elasticsearch configuration specified the network name as the host name.
- Elasticsearch configuration specifies a non-default cluster name.
- Elasticsearch uses a few ports other than 9200. I know of 9300, can't find a documented list at the moment.
- I do have the logstash repository from www.elastic.co set up, but should not be using packages from it.
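For triaging denials like the ones quoted in the report above, the following is an added example (not part of the original report or of any comment in this thread) that parses AVC denial lines, decodes the hex-encoded comm field, and groups denials by source type, target type and destination port. The function names are hypothetical, and the sample input is two lines copied from the report.

```python
import re
from collections import Counter

# Sample input: two denial lines copied from the report above; the second is
# the truncated one (it ends after scontext), kept exactly as it appears there.
FULL = ("Jun 6 10:50:11 geth01 audit: <audit-1400> avc: denied { name_connect } "
        "for pid=734 comm=72733A616374696F6E203120717565 dest=9200 "
        "scontext=system_u:system_r:syslogd_t:s0 "
        "tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0")
TRUNCATED = ("Jun 6 10:50:11 geth01 audit: <audit-1400> avc: denied { name_connect } "
             "for pid=731 comm=72733A616374696F6E203120717565 dest=9200 "
             "scontext=system_u:system_r:syslogd_t:s0")
SAMPLE = [FULL, FULL, TRUNCATED]

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_comm(value):
    """Quoted comm is literal; an unquoted one is hex (used when the name has spaces)."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    except ValueError:
        return value  # not valid hex: return unchanged

def selinux_type(context):
    """Return the type from user:role:type[:level], or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else None

def parse_avc(line):
    """Parse one AVC denial into a dict; None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["perms"] = m.group("perms").split()
    if "comm" in rec:
        rec["comm"] = decode_comm(rec["comm"])
    for key in ("scontext", "tcontext"):  # absent on truncated lines
        rec[key + "_type"] = selinux_type(rec[key]) if key in rec else None
    return rec

def summarize(lines):
    """Count denials by (comm, source type, target type, dest port, perms)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        counts[(rec.get("comm"), rec["scontext_type"], rec["tcontext_type"],
                rec.get("dest"), tuple(rec["perms"]))] += 1
    return counts
```

For the report's lines the comm field decodes to `rs:action 1 que`, a thread name cut off at the kernel's 15-character comm limit.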
Should the component on this be selinux-policy?
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.