Bug 727550 - selinux prevents rsyslog to log messages into mysql db
Status: CLOSED DUPLICATE of bug 722536
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.7
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2011-08-02 12:49 UTC by Karel Srot
Modified: 2011-08-23 13:21 UTC

Doc Type: Bug Fix
Last Closed: 2011-08-23 13:21:45 UTC

Description Karel Srot 2011-08-02 12:49:20 UTC
Description of problem:

I have set up rsyslog to use the ommysql.so module to store log messages in a MySQL database.

Because of SELinux, the message was not logged into the MySQL db.
This AVC appeared in enforcing mode:

type=SYSCALL msg=audit(1312288751.971:51): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=40f19c40 a2=6e a3=0 items=0 ppid=1 pid=11785 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1312288751.971:51): avc:  denied  { search } for  pid=11785 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir

These AVCs appeared in permissive mode:

time->Tue Aug  2 08:39:11 2011
type=SYSCALL msg=audit(1312288751.971:51): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=40f19c40 a2=6e a3=0 items=0 ppid=1 pid=11785 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1312288751.971:51): avc:  denied  { search } for  pid=11785 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
----
time->Tue Aug  2 08:39:59 2011
type=SYSCALL msg=audit(1312288799.261:54): arch=c000003e syscall=42 success=yes exit=0 a0=a a1=41bc2c40 a2=6e a3=0 items=0 ppid=1 pid=12410 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=root:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1312288799.261:54): avc:  denied  { connectto } for  pid=12410 comm="rsyslogd" path="/var/lib/mysql/mysql.sock" scontext=root:system_r:syslogd_t:s0 tcontext=root:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1312288799.261:54): avc:  denied  { write } for  pid=12410 comm="rsyslogd" name="mysql.sock" dev=dm-0 ino=97812737 scontext=root:system_r:syslogd_t:s0 tcontext=root:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1312288799.261:54): avc:  denied  { search } for  pid=12410 comm="rsyslogd" name="mysql" dev=dm-0 ino=97812543 scontext=root:system_r:syslogd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir


A module generated from these AVCs fixed the problem for me:

module mymod 1.0;

require {
	type syslogd_t;
	type mysqld_t;
	type mysqld_var_run_t;
	type mysqld_db_t;
	class sock_file write;
	class unix_stream_socket connectto;
	class dir search;
}

#============= syslogd_t ==============
allow syslogd_t mysqld_db_t:dir search;
allow syslogd_t mysqld_t:unix_stream_socket connectto;
allow syslogd_t mysqld_var_run_t:sock_file write;



Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-316.el5


How reproducible:
always

Steps to Reproduce:
1. Configure rsyslog to log into a MySQL db
  
Actual results:
no logs in mysql db

Expected results:
logs in mysql db

Additional info:

Comment 1 Karel Srot 2011-08-23 13:21:45 UTC

*** This bug has been marked as a duplicate of bug 722536 ***

