Description of problem:
Occasionally while starting rsyslog with a GSS listener it will fail if selinux is enabled. This seems to be a problem with selinux permissions on a temporary kerberos cache file.

Version-Release number of selected component (if applicable):
rsyslogd: swVersion="3.22.1"
CentOS release 5.5 (Final)
2.6.18-128.el5 #1 SMP x86_64

Occasionally while starting rsyslog with gssapi the listener won't start. To reproduce:

Replace default syslog daemon with rsyslog.

Configure rsyslog to use a gssapi listener using the following config.

$ModLoad imgssapi # load input gss module
$InputGSSServerServiceName rsyslog # set the name of service principal, "host" is the default one
$InputGSSServerPermitPlainTCP off # accept GSS and TCP connections (not authenticated senders), off by default
$InputGSSServerRun 514 # run server on port

Create a new kerberos service for rsyslog on your kdc like rsyslog/host.example.com (or you can use the host entry and comment out the InputGSSServerServiceName in the config above).

Obtain a kerberos ticket using
/usr/kerberos/bin/kinit -k rsyslog/host.example.com

Restart rsyslog to use new config:
service rsyslog restart

If the problem surfaces you will get a log message such as:

Aug 24 11:50:09 host kernel: Kernel logging (proc) stopped.
Aug 24 11:50:09 host kernel: imklog 3.22.1, log source = /proc/kmsg started.
Aug 24 11:50:09 host rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="8568" x-info="http://www.rsyslog.com"] (re)start
Aug 24 11:50:09 host rsyslogd: GSS-API error acquiring credentials: Unspecified GSS failure. Minor code may provide more information
Aug 24 11:50:09 host rsyslogd: GSS-API error acquiring credentials: Unknown code krb5 169
Aug 24 11:50:09 host rsyslogd: GSS-API initialization failed
Aug 24 11:50:09 host rsyslogd: error -2101 trying to add listener
Aug 24 11:50:09 host rsyslogd: the last error occured in /etc/rsyslog.conf, line 66
Aug 24 11:50:09 host rsyslogd-2123: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2123 ]

Kerberos error code 169 means "Permission denied in replay cache code" which happens because of selinux; disabling selinux fixes the problem.

This might be related to https://bugzilla.redhat.com/show_bug.cgi?id=196952 and probably affects all applications that use kerberos tickets.
Reassigning to selinux-policy.
What AVC are you getting in permissive mode?
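
One way to collect the AVC denials requested above from an audit log, shown as an added example that is not part of the original report or of rsyslog. The function name `summarize_denials` is hypothetical, and the sample audit lines are constructed for illustration; they are not the denials from this bug.

```python
import re
from collections import defaultdict

# Constructed audit.log lines for illustration only; NOT taken from this report.
# File names, inode numbers and SELinux contexts are made-up sample values.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1282647009.123:410): avc:  denied  { write } for  pid=8568 comm="rsyslogd" name="EXAMPLE_rcache" dev=dm-0 ino=1001 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1282647009.124:411): avc:  denied  { read write } for  pid=8568 comm="rsyslogd" name="EXAMPLE_rcache" dev=dm-0 ino=1001 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1282647010.001:412): avc:  denied  { getattr } for  pid=9001 comm="httpd" path="/EXAMPLE/other" dev=dm-0 ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1282647009.123:410): arch=c000003e syscall=2 success=no exit=-13 comm="rsyslogd"
type=AVC msg=audit(1282647011.500:413): avc:  granted  { setenforce } for  pid=9100 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matches only "denied" AVC records and captures the permission set.
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
# key=value pairs; values are either quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def summarize_denials(log_text, comm="rsyslogd"):
    """Group AVC denials for one command by (scontext, tcontext, tclass).

    Returns {(scontext, tcontext, tclass): sorted list of denied permissions}.
    """
    summary = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        match = AVC_RE.search(line)
        if not match:
            continue  # e.g. "granted" records
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("rest"))}
        if fields.get("comm") != comm:
            continue  # denial belongs to another process
        key = (fields.get("scontext"), fields.get("tcontext"), fields.get("tclass"))
        summary[key].update(match.group("perms").split())
    return {key: sorted(perms) for key, perms in summary.items()}


if __name__ == "__main__":
    for (scon, tcon, tclass), perms in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(f"{scon} -> {tcon} [{tclass}]: {' '.join(perms)}")
```

The source/target context pair and class in each summary row are what a selinux-policy maintainer needs to decide whether the access should be allowed or the file relabelled.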