Description of problem:
rsyslog-mysql cannot access mysql databases with selinux set to enforcing.

Version-Release number of selected component (if applicable):
rsyslog-mysql-2.0.2-1.fc8

How reproducible:
always

Steps to Reproduce:
1. install rsyslog-mysql
2. follow included instructions to configure
3. reload rsyslogd.

Actual results:
3 avc denials:

type=AVC msg=audit(1205009327.282:1560): avc: denied { name_connect } for pid=20518 comm="rsyslogd" dest=3306 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1205009327.283:1561): avc: denied { getattr } for pid=20518 comm="rsyslogd" path="/usr/share/mysql/charsets/Index.xml" dev=dm-0 ino=11534337 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1205009327.283:1562): avc: denied { read } for pid=20518 comm="rsyslogd" name="Index.xml" dev=dm-0 ino=11534337 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file

Expected results:
rsyslog would use mysql as a datastore.

Additional info:
problem can be resolved using the following method:
1) set selinux to permissive mode (/usr/sbin/setenforce 0)
2) reload rsyslogd's configuration (service rsyslog reload)
3) use audit2allow to generate the right rules (cat /var/log/audit/audit.log | grep rsyslogd | audit2allow -M MYmod2; /usr/sbin/semodule -i MYmod2.pp)
4) set selinux back to enforcing (/usr/sbin/setenforce 1)
Fixed in selinux-policy-3.0.8-93.fc8
I'm closing this issue; feel free to reopen if the problem persists.