1410930 – syslog-ng 3.5.6, selinux, audisp and /dev/log conflicts

Bug 1410930 - syslog-ng 3.5.6, selinux, audisp and /dev/log conflicts

Summary: syslog-ng 3.5.6, selinux, audisp and /dev/log conflicts

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	syslog-ng
Sub Component:
Version:	epel7
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Jose Pedro Oliveira
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-06 21:15 UTC by John Jasen
Modified:	2017-01-06 21:15 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description John Jasen 2017-01-06 21:15:12 UTC

Description of problem:

syslog-ng, as packaged in EPEL-7, is not especially systemd aware; nor is it particularly SELinux-aware. It attempts to unlink/relink /dev/log on start, which has several failure conditions.

Version-Release number of selected component (if applicable):
syslog-ng 3.5.6.3el7

How reproducible:

trivial

Steps to Reproduce:
1. install C7 or RHEL7
1.1: set SElinux to targeted/enforcing
2. configure auditd to to use audisp syslog plugin
3. start auditd
4. install syslog-ng from EPEL
5. start syslog-ng (system() in this case will use /dev/log)


Actual results:

systemctl: syslog-ng will fail to start, being unable to unlink/relink /dev/log
shell: syslog-ng -f /etc/syslog-ng/syslog-ng.conf: audisp will not be able to use the recreated /dev/log, as its in the wrong context.

Expected results:

Both working.

Additional info:

syslog-ng 3.8.1 from the copr-be.cloud.fedoraproject.org handles this case better.

recommend up-revving to syslog 3.8.1 or greater, as 3.5.6 is broken.

Note You need to log in before you can comment on or make changes to this bug.