Bug 1410930 - syslog-ng 3.5.6, selinux, audisp and /dev/log conflicts
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: syslog-ng
Version: epel7
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jose Pedro Oliveira
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2017-01-06 21:15 UTC by John Jasen
Modified: 2017-01-06 21:15 UTC

Type: Bug


Description John Jasen 2017-01-06 21:15:12 UTC
Description of problem:

syslog-ng, as packaged in EPEL-7, is not especially systemd aware; nor is it particularly SELinux-aware. It attempts to unlink/relink /dev/log on start, which has several failure conditions.

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:
1. install C7 or RHEL7
1.1: set SELinux to targeted/enforcing
2. configure auditd to use audisp syslog plugin
3. start auditd
4. install syslog-ng from EPEL
5. start syslog-ng (system() in this case will use /dev/log)

Actual results:

systemctl: syslog-ng will fail to start, being unable to unlink/relink /dev/log
shell: syslog-ng -f /etc/syslog-ng/syslog-ng.conf: audisp will not be able to use the recreated /dev/log, as it's in the wrong context.

Expected results:

Both working.

Additional info:

syslog-ng 3.8.1 from the copr-be.cloud.fedoraproject.org handles this case better.

Recommend up-revving to syslog 3.8.1 or greater, as 3.5.6 is broken.
