Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

syslog-ng non-standard install generating AVC: msg#00269

Subject: syslog-ng non-standard install generating AVC

I recently installed FC3 on a machine (we had previously been using FC1), so this is my first exposure to selinux. Consequently, we are running the targeted policy in permissive mode. We use syslog-ng (rather than sysklogd) and have updated the syslog-ng.conf to monitor/log/distribute log events on a number of other ports beyond the standard syslog distribution.

Among other things, in syslog-ng we:
 - open non-standard UDP/TCP ports
 - open non-standard files
 - call non-standard routines

As a complete newbie to selinux, I don't know whether it is easier/simpler/better/(or even how) to modify the syslog policy or the attributes of the executables/files/directories that it touches. I would appreciate some advice and guidance.

AVC log events:

Dec 27 04:02:17 gsi10 kernel: audit(1104138137.142:0): avc:  denied  { write } for  pid=16201 exe=/sbin/syslog-ng name=kmsg dev=proc ino=-268435446 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:proc_kmsg_t tclass=file
Dec 27 04:02:17 gsi10 kernel: audit(1104138137.145:0): avc:  denied  { read } for  pid=16202 exe=/bin/bash name=mtab dev=dm-0 ino=7146016 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Dec 27 04:02:17 gsi10 kernel: audit(1104138137.145:0): avc:  denied  { getattr } for  pid=16202 exe=/bin/bash path=/etc/mtab dev=dm-0 ino=7146016 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Dec 27 04:02:17 gsi10 kernel: audit(1104138137.150:0): avc:  denied  { write } for  pid=16202 exe=_executable_1_ name=status dev=dm-0 ino=166481 scontext=system_u:system_r:syslogd_t tcontext=user_u:object_r:usr_t tclass=file
Dec 27 04:02:17 gsi10 kernel: audit(1104138137.150:0): avc:  denied  { getattr } for  pid=16202 exe=_executable_1_ path=_file_1_ dev=dm-0 ino=166481 scontext=system_u:system_r:syslogd_t tcontext=user_u:object_r:usr_t tclass=file
Dec 27 10:47:27 gsi10 kernel: audit(1104162447.513:0): avc:  denied  { sys_admin } for  pid=16201 exe=/sbin/syslog-ng capability=21 scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=capability
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { write } for  pid=16201 exe=/sbin/syslog-ng name=log dev=dm-0 ino=166417 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { add_name } for  pid=16201 exe=/sbin/syslog-ng name=e27.log scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { create } for  pid=16201 exe=/sbin/syslog-ng name=e27.log scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { setattr } for  pid=16201 exe=/sbin/syslog-ng name=e27.log dev=dm-0 ino=166450 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { chown } for  pid=16201 exe=/sbin/syslog-ng capability=0 scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=capability
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { fowner } for  pid=16201 exe=/sbin/syslog-ng capability=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=capability
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { fsetid } for  pid=16201 exe=/sbin/syslog-ng capability=4 scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t tclass=capability
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { append } for  pid=16201 exe=/sbin/syslog-ng path=_file_2_ dev=dm-0 ino=166450 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.318:0): avc:  denied  { write } for  pid=16202 exe=_executable_1_ path=_file_3_ dev=dm-0 ino=166444 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.318:0): avc:  denied  { getattr } for  pid=16202 exe=_executable_1_ path=_file_4_ dev=dm-0 ino=166472 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.318:0): avc:  denied  { read } for  pid=16202 exe=_executable_1_ path=_file_5_ dev=dm-0 ino=166474 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.319:0): avc:  denied  { remove_name } for  pid=16202 exe=_executable_1_ name=delete_next dev=dm-0 ino=166474 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.319:0): avc:  denied  { unlink } for  pid=16202 exe=_executable_1_ name=delete_next dev=dm-0 ino=166474 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.319:0): avc:  denied  { search } for  pid=1633 exe=_executable_1_ name=bin dev=dm-0 ino=1245185 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.319:0): avc:  denied  { read } for  pid=1633 exe=_executable_1_ name=sh dev=dm-0 ino=3850242 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=lnk_file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.319:0): avc:  denied  { execute } for  pid=1633 exe=_executable_1_ name=bash dev=dm-0 ino=1245248 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.320:0): avc:  denied  { execute_no_trans } for  pid=1633 exe=_executable_1_ path=/bin/bash dev=dm-0 ino=1245248 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.320:0): avc:  denied  { read } for  pid=1633 exe=_executable_1_ path=/bin/bash dev=dm-0 ino=1245248 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.321:0): avc:  denied  { read } for  pid=1633 exe=/bin/bash name=meminfo dev=proc ino=-268435454 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:proc_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.321:0): avc:  denied  { getattr } for  pid=1633 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:proc_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.322:0): avc:  denied  { search } for  pid=1633 exe=/bin/bash name=sbin dev=dm-0 ino=7356417 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:sbin_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.322:0): avc:  denied  { getattr } for  pid=1633 exe=/bin/bash path=/bin/bash dev=dm-0 ino=1245248 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.323:0): avc:  denied  { getattr } for  pid=1633 exe=/bin/bash path=/bin/rm dev=dm-0 ino=1245243 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.323:0): avc:  denied  { execute } for  pid=1633 exe=/bin/bash name=rm dev=dm-0 ino=1245243 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.323:0): avc:  denied  { execute_no_trans } for  pid=1633 exe=/bin/bash path=/bin/rm dev=dm-0 ino=1245243 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.323:0): avc:  denied  { read } for  pid=1633 exe=/bin/bash path=/bin/rm dev=dm-0 ino=1245243 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:bin_t tclass=file

Steve Friedman
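As an added example (not part of the original post, and not syslog-ng or SELinux tooling), a small Python parser that joins the mail-wrapped AVC records above back together, unions the denied permissions per source type, target type and object class, and renders each group in the allow-rule form audit2allow would propose, so the groups can be reviewed one at a time. The embedded sample is a constructed subset of the log in the post, in the same wrapped form.

```python
import re
from collections import defaultdict
# Constructed sample in the mail-wrapped form shown in the post (a subset, not the full log).
SAMPLE_AVC = """\
Dec 27 04:02:17 gsi10 kernel: audit(1104138137.145:0): avc:  denied  { getattr
} for  pid=16202 exe=/bin/bash path=/etc/mtab dev=dm-0 ino=7146016
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:etc_runtime_t
tclass=file
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { write }
for  pid=16201 exe=/sbin/syslog-ng name=log dev=dm-0 ino=166417
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=dir
Dec 27 16:16:35 gsi10 kernel: audit(1104182195.160:0): avc:  denied  { chown }
for  pid=16201 exe=/sbin/syslog-ng capability=0
scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:syslogd_t
tclass=capability
"""
RECORD_START = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ kernel: audit\(")
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")

def unwrap(text):
    """A record starts with the syslog timestamp; any other line is a wrapped continuation."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line.strip())
        elif records:
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return (denied permissions, key=value fields) for one AVC record, or None."""
    m = AVC_RE.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    return set(m.group(1).split()), fields

def summarize(text):
    """Union the denied permissions per (source type, target type, object class)."""
    summary = defaultdict(set)
    for perms, f in filter(None, map(parse_avc, unwrap(text))):
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        summary[key] |= perms
    return dict(summary)

def allow_rules(summary):
    """Render each group as the allow rule audit2allow would propose, for review."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(summary.items())]
```

Groups whose target type is usr_t on syslog-ng's own log directory and files point at mislabelled paths (syslog logs under the targeted policy carry var_log_t), which is fixed by relabelling rather than by the generated rule; the capability and shell_exec_t groups are the ones a custom policy change would actually have to cover.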


