| Summary: | app-admin/syslog-ng-3.2.5 fails to start on ~amd64/selinux after rlpkg -a -r | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Amadeusz Sławiński <amade> |
| Component: | Hardened | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | | |
| Severity: | normal | CC: | selinux |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Amadeusz Sławiński
2012-01-05 21:51:21 UTC
What was I thinking...

dmesg | grep syslog with SELinux in permissive mode from running /etc/init.s/syslog-ng start:

```
[ 95.481111] type=1400 audit(1325800781.833:566): avc: denied { read write } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_lib_t tclass=file
[ 95.481122] type=1400 audit(1325800781.833:567): avc: denied { open } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_lib_t tclass=file
[ 95.481248] type=1400 audit(1325800781.833:568): avc: denied { getattr } for pid=2355 comm="syslog-ng" path="/var/lib/misc/syslog-ng.persist" dev=dm-0 ino=3375570 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_lib_t tclass=file
[ 95.495698] type=1400 audit(1325800781.849:569): avc: denied { rename } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_lib_t tclass=file
```

Can you try:

```
~# semanage fcontext -a -t syslogd_var_lib_t /var/lib/misc/syslog-ng\.persist
```

and try again?

`semanage fcontext -a -t syslogd_var_lib_t /var/lib/misc/syslog-ng\.persist-` does the job (do notice "-" at end)

Will be added in r12 as well

In hardened-dev overlay

Works fine

-r13 in main tree ~arch'ed

Stabilized
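Why the trailing "-" matters, as an added example that is not part of the original bug report: file-context specifications are regular expressions anchored at both ends, so a spec for `syslog-ng.persist` does not cover `syslog-ng.persist-`. The sketch parses the AVC denials quoted in this report and lists the paths that a given set of specs leaves unlabeled; it assumes the name-only records live in `/var/lib/misc`, and Python's `re` stands in for the PCRE matching SELinux uses.

```python
import re

# AVC records copied from the dmesg output in this report (kernel timestamps trimmed).
CTX = ('scontext=system_u:system_r:syslogd_t '
       'tcontext=system_u:object_r:var_lib_t tclass=file')
AVC_LINES = [
    'avc: denied { read write } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 ' + CTX,
    'avc: denied { open } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 ' + CTX,
    'avc: denied { getattr } for pid=2355 comm="syslog-ng" path="/var/lib/misc/syslog-ng.persist" dev=dm-0 ino=3375570 ' + CTX,
    'avc: denied { rename } for pid=2355 comm="syslog-ng" name="syslog-ng.persist-" dev=dm-0 ino=3375580 ' + CTX,
]


def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list, or None."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))}
    rec['perms'] = m.group(1).split()
    return rec


def spec_matches(spec, path):
    """A file-context spec must match the whole path (anchored at both ends)."""
    return re.fullmatch(spec, path) is not None


def uncovered_paths(lines, specs, parent='/var/lib/misc'):
    """Paths still typed var_lib_t in the denials that none of `specs` matches.

    Records carrying only name= are joined to `parent` (assumption: they sit
    in the same directory as the record that does carry path=).
    """
    paths = set()
    for line in lines:
        rec = parse_avc(line)
        if rec and rec['tcontext'].split(':')[2] == 'var_lib_t':
            paths.add(rec.get('path') or parent + '/' + rec['name'])
    return sorted(p for p in paths if not any(spec_matches(s, p) for s in specs))


if __name__ == '__main__':
    first = [r'/var/lib/misc/syslog-ng\.persist']
    print(uncovered_paths(AVC_LINES, first))
    print(uncovered_paths(AVC_LINES, first + [r'/var/lib/misc/syslog-ng\.persist-']))
```

After adding a spec on a real system, `restorecon` on the affected files applies the new label.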