The new version of syslog-ng (bug#598961) is having these errors show up in the applet: Summary: SELinux is preventing /sbin/syslog-ng "create" access on syslog-ng.ctl. Detailed Description: SELinux denied access requested by syslog-ng. It is not expected that this access is required by syslog-ng and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:syslogd_t:s0 Target Context unconfined_u:object_r:syslogd_var_lib_t:s0 Target Objects syslog-ng.ctl [ sock_file ] Source syslog-ng Source Path /sbin/syslog-ng Port <Unknown> Host (removed) Source RPM Packages syslog-ng-3.1.1-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-33.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Sun 25 Jul 2010 03:21:33 PM EDT Last Seen Sun 25 Jul 2010 03:21:33 PM EDT Local ID ebbe8bab-ac31-48d2-8ff2-f4cd51361b89 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1280085693.720:49536): avc: denied { create } for pid=8278 comm="syslog-ng" name="syslog-ng.ctl" scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:syslogd_var_lib_t:s0 tclass=sock_file node=(removed) type=SYSCALL msg=audit(1280085693.720:49536): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=a0e654 a2=23 a3=6 items=0 ppid=8277 pid=8278 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="syslog-ng" exe="/sbin/syslog-ng" subj=unconfined_u:system_r:syslogd_t:s0 key=(null) Summary: SELinux is preventing /sbin/syslog-ng "setrlimit" access . Detailed Description: [syslog-ng has a permissive type (syslogd_t). This access was not denied.] SELinux denied access requested by syslog-ng. It is not expected that this access is required by syslog-ng and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:syslogd_t:s0 Target Context unconfined_u:system_r:syslogd_t:s0 Target Objects None [ process ] Source syslog-ng Source Path /sbin/syslog-ng Port <Unknown> Host (removed) Source RPM Packages syslog-ng-3.1.1-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-33.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Sun 25 Jul 2010 03:21:33 PM EDT Last Seen Sun 25 Jul 2010 03:21:33 PM EDT Local ID 18bfdad3-4b4c-4ef6-90d6-f4b9ca221db8 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1280085693.717:49535): avc: denied { setrlimit } for pid=8276 comm="syslog-ng" scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=unconfined_u:system_r:syslogd_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1280085693.717:49535): arch=c000003e syscall=160 success=yes exit=128 a0=7 a1=7fffa41a08e0 a2=ffffffffffffffa8 a3=7fffa41a0660 items=0 ppid=8275 pid=8276 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="syslog-ng" exe="/sbin/syslog-ng" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
There are temp packages here (v3.1.1): http://www.silfreed.net/download/repo/packages/syslog-ng/ I'll be committing the changes to rawhide branch shortly since things are looking good other than the selinux permissions.
Fixed in selinux-policy-3.8.8-5.fc14