[rt-users] SELinux RT/syslog problem

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Mon Nov 10 10:28:47 EST 2008


Is anyone running RT on a box with SELinux (ES4 in my case)?
Everything's been going peachy until for some reason yesterday
things got mucked up on /dev/log and now apache/RT cannot log
to syslog, which means several functions like merging are currently
inaccessible. Anybody happen to know what the proper context is
for that file? It's currently: system_u:object_r:devlog_t and the
errors I'm getting are:

#Pre- restorecon
Nov 9 19:30:25 rt kernel: audit(1226277025.460:207): avc: denied {
write } for pid=6378 comm="httpd.worker" name="log" dev=tmpfs
ino=32795 scontext=user_u:system_r:httpd_t
tcontext=root:object_r:device_t tclass=sock_file

#Post- restorecon
Nov 9 20:23:25 rt kernel: audit(1226280205.215:999): avc: denied {
sendto } for pid=6873 comm="httpd.worker" name="log"
scontext=user_u:system_r:httpd_t tcontext=root:system_r:unconfined_t
tclass=unix_dgram_socket

I've found a few pages online with hints on how I might be able to fix
this, but none use chcon and instead require modifying system policies
to add:

allow httpd_t device_t:sock_file write;
allow httpd_t unconfined_t:unix_dgram_socket sendto;

Which I cannot do as the necessary tools are not installed
(and the package manager is currently out of commission).
-- 
Cambridge Energy Alliance: Save money. Save the planet.



More information about the rt-users mailing list