Bug 178183 - syslog can not log to external host unless selinux disabled
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Hardware: x86_64 Linux
Priority: medium, Severity: low
Assigned To: Daniel Walsh
Reported: 2006-01-18 08:03 EST by Per Steinar Iversen
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-01-27 01:00:07 EST
Description Per Steinar Iversen 2006-01-18 08:03:52 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:
If syslog is set to send log entries to an external host then this does not work unless selinux is disabled for syslog. Every few minutes from syslogd:

syslogd: sendto: Bad file descriptor

This probably means that the syslogd selinux policy does not allow logging to external loghosts. Perhaps this should be classified as an selinux problem?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Make syslogd log to external host ("*.*  @loghost" in /etc/syslog.conf)
2. Restart syslog


Actual Results:  Nothing, syslog does not send logs to external host

Expected Results:  One would expect the log to appear on the external host

Additional info:

Turning off selinux for syslogd helps.
Comment 1 Jason Vas Dias 2006-01-19 15:22:23 EST
Yes, I've reproduced this problem now - only doing a 'setenforce 0' allows 
syslogd to send messages on UDP port 514 to a remote host.

There are no AVC messages generated in /var/log/audit/audit.log when this
occurs - syslogd's 'sendto' call simply returns EBADF - 'bad file descriptor' -
when it tries to write the message to its UDP socket.

The weird thing is, when run outside of the syslog initscript, ie. by root 
from the command line, eg. with:
  # syslogd -m0 -d
syslogd is then able to write to its UDP socket OK with SELinux in Enforcing mode.
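
An added example, not part of the bug report or of any Fedora tool: it classifies the symptom described in Comment 1 (sendto failures with no AVC record for syslogd while enforcing) from the two logs. The function names, verdict strings and sample log lines are constructed here, and MODE is assumed to be the `getenforce` output in effect when the errors were logged.

```shell
#!/bin/sh
# Added example, not from the bug report. Sample log lines are constructed.

# Count syslogd sendto failures of the kind quoted in the report.
count_sendto_errors() {
    grep -c 'syslogd: sendto: Bad file descriptor' "$1" || true
}

# Count AVC denials attributed to the syslogd process.
count_syslogd_avc() {
    grep 'avc: *denied' "$1" | grep -c 'comm="syslogd"' || true
}

# triage MESSAGES_FILE AUDIT_FILE MODE   (MODE as printed by getenforce)
triage() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable-log"; return 2; }
    errs=$(count_sendto_errors "$1")
    avcs=$(count_syslogd_avc "$2")
    if [ "$errs" -eq 0 ]; then
        echo "no-sendto-errors"
    elif [ "$avcs" -gt 0 ]; then
        echo "audited-denial"              # audit.log names the blocked access
    elif [ "$3" = "Enforcing" ]; then
        echo "unaudited-denial-suspected"  # the pattern reported in this bug
    else
        echo "not-selinux"                 # still failing while not enforcing
    fi
}

# Constructed samples: two sendto failures, and an audit log whose only
# denial belongs to another process.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/messages" <<'EOF'
Jan 19 15:01:12 host1 syslogd: sendto: Bad file descriptor
Jan 19 15:06:12 host1 syslogd: sendto: Bad file descriptor
EOF
cat > "$SAMPLE_DIR/audit.log" <<'EOF'
type=AVC msg=audit(1137700800.500:40): avc:  denied  { read } for  pid=2101 comm="httpd" name="example" scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:tmp_t tclass=file
EOF

triage "$SAMPLE_DIR/messages" "$SAMPLE_DIR/audit.log" Enforcing
```

On a real host the arguments would be the local syslog file, `/var/log/audit/audit.log` and `"$(getenforce)"`.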

Comment 2 Daniel Walsh 2006-01-27 01:00:07 EST
Fixed in selinux-policy-targeted-2.2.5-1
