On 10/29/2015 06:56 AM, Paolo Galtieri wrote:
> On the system that fails
>
> /bin/ls -ldZ /var/log/snort
> lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24 17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> /bin/ls -ldZ /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
> drwxr-xr-x. 2 snort snort unconfined_u:object_r:unlabeled_t:s0 4096 Oct 28 15:31 /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> Note that on the failing system the SELinux context shows the
> directory has unlabeled_t context while on the working system it's
> colord_var_lib_t. I set this at some point (I think), but I forget
> how I did it :-(
>
> I have also set up user snort so that I can log in to the account and I
> get
>
> su - snort
> Password:
> su: warning: cannot change directory to /var/log/snort: Permission denied
> -bash: /var/log/snort/.bash_profile: Permission denied
>
> I can write to the directory if I do
>
> sudo touch /var/log/snort/testfile
>
> So what do I need to do to fix this so I can get snort to write to
> its log directory?
>
> Any assistance is appreciated.

Are you getting AVC records in /var/log/audit/audit.log? Have you run "sealert -b"?

--
In reality, some people should stick to running Windows and others should stay away from computers altogether.