Red Hat Bugzilla – Bug 178183
syslog can not log to external host unless selinux disabled
Last modified: 2007-11-30 17:11:21 EST
Description of problem:
If syslog is set to send log entries to an external host then this does not work unless selinux is disabled for syslog. Every few minutes from syslogd:
syslogd: sendto: Bad file descriptor
This probably means that the syslogd selinux policy does not allow logging to external loghosts. Perhaps this should be classified as an selinux problem?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Make syslogd log to external host ("*.* @loghost" in /etc/syslog.conf)
2. Restart syslog
Actual Results: Nothing, syslog does not send logs to external host
Expected Results: One would expect the log to appear on the external host
Turning off selinux for syslogd helps.
Yes, I've reproduced this problem now - only doing a 'setenforce 0' allows
syslogd to send messages on UDP port 514 to a remote host.
There are no AVC messages generated in /var/log/audit/audit.log when this
occurs - syslogd's 'sendto' call simply returns EBADF - 'bad file descriptor' -
when it tries to write the message to its UDP socket.
The weird thing is, when run outside of the syslog initscript, i.e. by root
from the command line, e.g. with:
# syslogd -m0 -d
syslogd is then able to write to its UDP socket OK with SELinux in Enforcing mode.
Fixed in selinux-policy-targeted-2.2.5-1
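The symptom pattern described in the comments above (remote forwarding configured, sendto errors from syslogd, no AVC record for syslogd, SELinux enforcing) can be checked mechanically. This is an added example, not part of the bug report or of any Red Hat tool; the function names, verdict labels, file locations and all sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added triage sketch; every file written below is constructed sample data.

# Print each remote loghost named by an "@host" action in a syslog.conf file.
remote_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Count the "sendto" failures that syslogd reports about itself.
sendto_errors() {
    awk '/syslogd: sendto: / { n++ } END { print n + 0 }' "$1"
}

# Count AVC denials in an audit log for one command name ($2).
avc_denials() {
    awk -v c="comm=\"$2\"" \
        '/type=AVC/ && /denied/ && index($0, c) { n++ } END { print n + 0 }' "$1"
}

# Classify: $1 = SELinux mode (as printed by getenforce), $2 = syslog.conf,
# $3 = file holding syslogd's own messages (assumed location), $4 = audit log.
triage() {
    hosts=$(remote_targets "$2")
    errs=$(sendto_errors "$3")
    avcs=$(avc_denials "$4" syslogd)
    if [ -z "$hosts" ]; then echo "no-remote-forwarding"
    elif [ "$errs" -eq 0 ]; then echo "no-sendto-errors"
    elif [ "$avcs" -gt 0 ]; then echo "avc-denial-logged"
    elif [ "$1" = "Enforcing" ]; then echo "silent-failure-under-enforcing"
    else echo "sendto-failing-outside-selinux"
    fi
}

# Constructed inputs mirroring the report: forwarding on, errors, no syslogd AVC.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# constructed sample' '*.info;mail.none  /var/log/messages' \
    '*.*  @loghost' > "$demo_dir/syslog.conf"
printf '%s\n' 'Jan 18 10:02:11 host1 syslogd: sendto: Bad file descriptor' \
    'Jan 18 10:05:42 host1 syslogd: sendto: Bad file descriptor' \
    > "$demo_dir/messages"
printf '%s\n' 'type=AVC msg=audit(1137578531.101:12): avc:  denied  { read } for  pid=2101 comm="httpd" name="example" tclass=file' \
    > "$demo_dir/audit.log"

triage Enforcing "$demo_dir/syslog.conf" "$demo_dir/messages" "$demo_dir/audit.log"
```

A "silent-failure-under-enforcing" verdict matches what the comments describe: the audit log alone would not have pointed at SELinux, so the comparison against permissive mode is what isolates it.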