Bug 236017 - syslog-ng >= 2.0 needs additional selinux rules for syslog-ng.persist
syslog-ng >= 2.0 needs additional selinux rules for syslog-ng.persist
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-11 11:17 EDT by Peter Bieringer
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-21 09:24:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2007-04-11 11:17:24 EDT
Description of problem:

syslog-ng >= 2.0 uses as persist file for storing some information. It's not
proper documented at the moment but also can't be disabled.

Following ruleset would help:

# syslog-ng >= 2.0
allow syslogd_t var_t:dir { write add_name read };
allow syslogd_t var_t:file { create read write getattr };


An additional one-time event on restart during update isn't catched, but I don't
know the reason at all. Further restart do not show such messages again - so
perhaps an issue of the old installed version.

Apr 11 17:11:44 s audit(1176304304.525:3018): avc:  denied  { read } for 
pid=19775 comm="syslog-ng" name="[14436979]" dev=pipefs ino=14436979
scontext=root:system_r:syslogd_t tcontext=root:system_r:unconfined_t
tclass=fifo_file
Apr 11 17:11:44 s audit(1176304304.541:3019): avc:  denied  { read } for 
pid=19777 comm="syslog-ng" name="[14436979]" dev=pipefs ino=14436979
scontext=root:system_r:syslogd_t tcontext=root:system_r:unconfined_t
tclass=fifo_file
Comment 1 Daniel Walsh 2007-05-17 11:49:54 EDT
Sorry I seem to have lost this bugzilla, some where along the way.  What is the
path to the persists file?  We need a new context for it.
Comment 2 Peter Bieringer 2007-05-17 11:52:46 EDT
File is: /var/state/syslog-ng/syslog-ng.persist
Comment 3 Daniel Walsh 2007-05-17 14:23:58 EDT
Easiest fix is to chcon -R -t syslogd_var_run_t /var/state/syslog-ng

Looking at FC7 I do not see this file.  Is this something that has been removed?
Comment 4 Peter Bieringer 2007-05-17 14:32:20 EDT
syslog-ng for RHEL4 is from silfreed.net repository:
http://www.silfreed.net/download/repo/rhel/4/$basearch/silfreednet
The location of the file can be specified during configure, default was
/var/syslog-ng.persist (which is a very bad location), so I suggested 
silfreed.net maintainer to change this to a better location, currently
/var/state/syslog-ng/syslog-ng.persist - I don't know which location FC7 spec
specifies.
Comment 5 Daniel Walsh 2007-06-21 09:24:20 EDT
This is fixed in the upstream and there are workarounds so I am closing.

Note You need to log in before you can comment on or make changes to this bug.