Red Hat Bugzilla – Bug 181718
klogd running wild after enabling selinux targeted policy
Last modified: 2007-11-30 17:11:24 EST
Hi Description of problem: I upgraded from FC3 and first I did disable selinux. Some days later I enabled selinux with policy targeted and selected relabel files. Things went mostly smooth. Howeverm after some time I recognized that the klogd did occupy the cpu completely. I did not see any message though. So I wondered about selinux and investigated the selinux config booleans. I found that syslogd was set to be not restricted but klogd not. After disabling the klogd restrictions and restarting klogd I've got 1000's of messages like Feb 16 00:36:59 sam kernel: audit(1140046610.261:215371275): avc: denied { write } for pid=8979 comm= "klogd" name="log" dev=tmpfs ino=17270 scontext=root:system_r:klogd_t tcontext=root:object_r:device_t tc lass=sock_file in my /var/log/messages file I suppose the klogd should by default have the same selinux exception as the syslogd. Version-Release number of selected component (if applicable): libselinux-devel-1.23.11-1.1 libselinux-1.23.11-1.1 selinux-policy-targeted-1.27.1-2.18
This looks like /dev/log was created with the wrong context. Are you completly up to date with all packages especially udev? Your devlog should look like this. ls -lZ /dev/log rw-rw-rw- root root system_u:object_r:devlog_t /dev/log
ls -lZ /dev/log srw-rw-rw- root root system_u:object_r:device_t /dev/log I switched to the setting you proposed chcon -t devlog_t /dev/log and it seems to be ok now. I did update from FC3 to FC4 and there were a number of things broken. Especially the glibc package would remain FC3 because FC3 had a more recent version. I had some trouble to force a downgrade. Quite annoying! I wonder what else ? Thanks for the tip anyway.