Hello,

I am using CentOS 6.4 and I want to store the logs from openswan in a different file (/var/log/ipsec) than the default. For this purpose I added plutostderrlog=/var/log/ipsec to ipsec.conf. As long as I keep the server in permissive mode, openswan starts OK. If, however, I switch to enforcing, the daemon refuses to start with the following error message displayed in the console:

ipsec_setup: Starting Openswan IPsec U2.6.32/K3.0.78-1.el6.elrepo.x86_64...

The audit log does not record anything useful, so I tried to switch dontaudit to off and see if anything useful comes out. After running audit2allow and a bit of trial and error I came up with the following custom policy:

module myipsec 1.0;

The above policy worked for me but I am wondering if it is OK (I am mostly confused by the fact that the class includes "write ioctl getattr append" but the rule has only "write"). And, assuming it is OK, can this custom policy (or the corrected one if needed) be included in the default policy?

TIA
manuel
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux