Created attachment 373167 [details] selinux alert using named pipe log Cannot use named pipe log script with selinux. Attached is the report from the selinux troubleshoot tool.
Created attachment 373188 [details] Patch This patch should take care of the AVC. It allows dirsrv_t processes to manage any fifo files labelled as dirsrv_var_log_t.
Created attachment 373481 [details] Revised Patch My previous patch had a type in one of the policy macro names. This patch corrects that typo.
Comment on attachment 373481 [details] Revised Patch Works fine on RHEL5 i386
To ssh://git.fedorahosted.org/git/389/ds.git c177c34..b2e2a3f master -> master commit b2e2a3f5294707e1ccf2b25fd281ce3653dac819 Author: Nathan Kinder <nkinder> Date: Mon Nov 23 09:48:50 2009 -0800 Allow dirsrv_t to log to a fifo in SELinux policy.
[root@testvm slapd-testvm]# setenforce 1 [root@testvm slapd-testvm]# getenforce Enforcing [root@testvm slapd-testvm]# /usr/bin/ds-logpipe.py /var/log/dirsrv/slapd-testvm/access123.pipe -d -u nobody Creating log pipe /var/log/dirsrv/slapd-testvm/access123.pipe Listening to log pipe /var/log/dirsrv/slapd-testvm/access123.pipe number of lines 1000 ^CRead 0 total lines /var/log/dirsrv/slapd-testvm/access123.pipe ============================================================ [root@testvm slapd-testvm]# ls -l /var/log/dirsrv/slapd-testvm/ total 928 -rw-------. 1 nobody nobody 787750 Jun 1 14:47 access prw-------. 1 nobody root 0 Jun 1 14:57 access123.pipe -rw-------. 1 nobody nobody 63 May 20 15:13 access123.pipe.rotationinfo -rw-------. 1 nobody nobody 63 May 24 12:40 access.rotationinfo -rw-------. 1 nobody nobody 58342 Jun 1 14:45 audit -rw-------. 1 nobody nobody 63 May 16 15:28 audit.rotationinfo -rw-------. 1 nobody nobody 40435 Jun 1 14:45 errors -rw-------. 1 nobody nobody 22014 May 30 12:02 errors.20110523-165700 -rw-------. 1 nobody nobody 162 May 30 17:14 errors.rotationinfo