Hi everyone; I have a centralized logging server setup using syslog-ng
and redhat ES 4; I would like to enable selinux on this box (right now
it's in warn only mode), however I'm seeing the following warning in
/var/log/messages
kernel: audit(1148404063.302:9): avc: denied { read } for pid=2424
comm="syslog-ng" name="hosts" dev=dm-3 ino=64563
scontext=user_u:system_r:syslogd_t tcontext=root:object_r:var_log_t
tclass=lnk_file
I expect that if I put selinux to enforce, then I'm going to loose some
logging functionality; does anyone know how to enable the syslog-ng
selinux policy? Thanks
Syslong-ng policy looks like this:
getsebool use_syslogng
use_syslogng --> active
Aaron
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
