[rt-users] SELinux RT/syslog problem
Jerrad Pierce
jpierce at cambridgeenergyalliance.org
Mon Nov 10 10:28:47 EST 2008
Is anyone running RT on a box with SELinux (ES4 in my case)?
Everything's been going peachy until for some reason yesterday
things got mucked up on /dev/log and now apache/RT cannot log
to syslog, which means several functions like merging are currently
inaccessible. Anybody happen to know what the proper context is
for that file? It's currently: system_u:object_r:devlog_t and the
errors I'm getting are:
#Pre- restorecon
Nov 9 19:30:25 rt kernel: audit(1226277025.460:207): avc: denied {
write } for pid=6378 comm="httpd.worker" name="log" dev=tmpfs
ino=32795 scontext=user_u:system_r:httpd_t
tcontext=root:object_r:device_t tclass=sock_file
#Post- restorecon
Nov 9 20:23:25 rt kernel: audit(1226280205.215:999): avc: denied {
sendto } for pid=6873 comm="httpd.worker" name="log"
scontext=user_u:system_r:httpd_t tcontext=root:system_r:unconfined_t
tclass=unix_dgram_socket
I've found a few pages online with hints on how I might be able to fix
this, but none use chcon and instead require modifying system policies
to add:
allow httpd_t device_t:sock_file write;
allow httpd_t unconfined_t:unix_dgram_socket sendto;
Which I cannot do as the necessary tools are not installed
(and the package manager is currently out of commission).
--
Cambridge Energy Alliance: Save money. Save the planet.
More information about the rt-users
mailing list