named log with selinux

hi,
it seems there is no named_log_t defined in the current selinux policy files (both on rhel4 and fc3). it would be useful to define one: even if the current default named doesn't log anything, somebody (like me) would like to log something. i got the following errors:
---------------------------------
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'update_log' file '/var/log/named-update': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'query_log' file '/var/log/named-query': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.310:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'security_log' file '/var/log/named-auth': permission denied
---------------------------------
what's more (i don't know why), when i try to relabel the log files to named_t i get these errors:
---------------------------------
Mar 23 09:50:54 blue kernel: audit(1111567854.706:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-auth dev=md0 ino=4670608 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-query dev=md0 ino=4670491 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-update dev=md0 ino=4669631 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
---------------------------------
any tip?
thanks in advance.
yours.



-- Levente "Si vis pacem para bellum!"

