Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 405425

Summary: app-admin/syslog-ng-3.3.4 doesn't work on selinux(strict)
Product: Gentoo Linux Reporter: Amadeusz Sławiński <amade>
Component: HardenedAssignee: Sven Vermeulen (RETIRED) <swift>
Status: VERIFIED FIXED    
Severity: normal CC: howard_b_golden, selinux
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Amadeusz Sławiński 2012-02-23 13:08:24 UTC
New version of syslog-ng doesn't start after update

/etc/init.d/syslog-ng start
Authenticating root.
Password: 

GThread-ERROR **: file gthread-posix.c: line 140 (g_thread_impl_init): error 'Operation not permitted' during 'pthread_getschedparam (pthread_self(), &policy, &sched)'
/etc/init.d/syslog-ng: line 35: 12672 Trace/breakpoint trap   syslog-ng -s -f "${SYSLOG_NG_CONFIGFILE}"
 * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)                                                                                                                     [ !! ]
 * ERROR: syslog-ng failed to start

from dmesg in enforcing:
[ 5314.546296] type=1400 audit(1330001827.946:391): avc:  denied  { getsched } for  pid=12672 comm="syslog-ng" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=process
[ 5314.546317] type=1400 audit(1330001827.946:392): avc:  denied  { getsched } for  pid=12672 comm="syslog-ng" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=process

in permissive:
[ 5374.759527] type=1400 audit(1330001888.279:397): avc:  denied  { getsched } for  pid=12771 comm="syslog-ng" scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=process


after audit2allow seems to work properly

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-03-26 20:14:27 UTC
Will be included in -r6
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-03-29 18:37:52 UTC
In hardened-dev overlay
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-03-31 12:43:38 UTC
In main tree, ~arch'ed
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-04-29 15:14:59 UTC
Stable