
Remote Syslog Fails With SELinux Enabled

Posted: 2007/03/07 18:19:48
by mbytnar
Running a stock CentOS 4.4 DVD install with -all- packages installed.

The default SELinux policy for syslog prevents syslog from opening port 514.
Any suggestions how to resolve this?

The following enables the SELinux policies (current scope is 'targeted'), then restarts syslog, then checks whether port 514 (syslog) was opened.

[code]
setenforce 1 ; service syslog restart ; netstat -an|grep 514 || echo Sorry, syslog not running on port 514.
[/code]

The result: "Sorry, syslog not running on port 514." It appears one of the SELinux policies denies syslog from opening port 514, as seen in /var/log/messages.

[code]
Mar 6 11:49:53 centos4 kernel: audit(1173203393.332:38): avc: denied { write } for pid=5652 comm="minilogd" name="log" dev=tmpfs ino=16343 scontext=root:system_r:syslogd_t tcontext=root:object_r:device_t tclass=sock_file
[/code]

When I change to "setenforce 0" (disabling SELinux policies), syslog opens port 514.

I googled and searched this forum and found no similar issue. Should this be reported as a bug?

Any suggestions how to correct/fix the syslog policy?

Regards,
--Mike
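
Added example, not part of the original post: a shell function that decodes the fields of an AVC denial such as the one quoted above and flags whether it is a refused port bind (`name_bind` on a `tcp_socket` or `udp_socket`). The function name `avc_summary` and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials found in syslog lines on stdin.
avc_summary() {
  awk '
    /avc:[ ]+denied/ {
      split("", kv)                      # reset the key=value map for this line
      perms = ""
      if (match($0, /[{][^}]*[}]/)) {    # permission set, e.g. "{ write }"
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms)
        gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {        # collect key=value tokens
        eq = index($i, "=")
        if (eq > 1) {
          val = substr($i, eq + 1)
          gsub(/"/, "", val)
          kv[substr($i, 1, eq - 1)] = val
        }
      }
      split(kv["scontext"], s, ":")      # user:role:type[:level]
      split(kv["tcontext"], t, ":")
      cls = kv["tclass"]
      name = ("name" in kv) ? kv["name"] : "-"
      # A refused port bind appears as name_bind on a tcp_socket/udp_socket.
      kind = "other"
      if ((cls == "tcp_socket" || cls == "udp_socket") &&
          index("," perms ",", ",name_bind,"))
        kind = "port_bind"
      printf "kind=%s comm=%s perms=%s class=%s name=%s source_type=%s target_type=%s\n",
             kind, kv["comm"], perms, cls, name, s[3], t[3]
    }'
}

# Line quoted in the post above.
PAGE_LINE='Mar 6 11:49:53 centos4 kernel: audit(1173203393.332:38): avc: denied { write } for pid=5652 comm="minilogd" name="log" dev=tmpfs ino=16343 scontext=root:system_r:syslogd_t tcontext=root:object_r:device_t tclass=sock_file'
# Constructed line (not from the post), included only for contrast.
BIND_LINE='Mar 6 11:50:00 centos4 kernel: audit(1173203400.000:39): avc: denied { name_bind } for pid=5700 comm="syslogd" src=514 scontext=root:system_r:syslogd_t tcontext=system_u:object_r:port_t tclass=udp_socket'

printf '%s\n%s\n' "$PAGE_LINE" "$BIND_LINE" | avc_summary
```

For the line quoted in the post, the summary shows a `write` on a `sock_file` named `log`, so it is classified as `other` rather than `port_bind`.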

Posted: 2007/04/10 16:14:24
by yyagol
Run as root:
[code]
# getsebool syslogd_disable_trans
[/code]

If you get [code]# syslogd_disable_trans --> active[/code]

then run: [code]# setsebool syslogd_disable_trans 0[/code]