named log with selinux


 



hi,
it seems there is no named_log_t defined in the current selinux policy files (both on rhel4 and fc3). it would be useful to define such even if the current default named doesn't log anything, somebody (like me) would like to log something. and i got the following errors:
---------------------------------
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'update_log' file '/var/log/named-update': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'query_log' file '/var/log/named-query': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.310:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'security_log' file '/var/log/named-auth': permission denied
---------------------------------
what's more (i don't know why), when i try to relabel the log files to named_t i've got these errors:
---------------------------------
Mar 23 09:50:54 blue kernel: audit(1111567854.706:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-auth dev=md0 ino=4670608 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-query dev=md0 ino=4670491 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-update dev=md0 ino=4669631 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
---------------------------------
any tip?
thanks in advance.
yours.



-- Levente "Si vis pacem para bellum!"

_______________________________________________
Redhat-devel-list mailing list
Redhat-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-devel-list
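
Reading the AVC denials quoted in the message above, as an added example that is not part of the original post: the Python sketch below parses lines in that kernel log format and groups them by source type, target type, object class and permission, so repeated denials collapse to one entry each. The function names `parse_avc` and `summarize` are hypothetical; the sample lines are copied from the message.

```python
import re
from collections import Counter

# Four lines copied from the message above; the named[...] line is not an AVC record.
SAMPLE = """\
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'update_log' file '/var/log/named-update': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.310:0): avc: denied { search } for pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:50:54 blue kernel: audit(1111567854.706:0): avc: denied { relabelto } for pid=2922 exe=/usr/bin/chcon name=named-auth dev=md0 ino=4670608 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    try:
        return {
            "perms": tuple(m.group("perms").split()),
            "name": fields.get("name", "?"),
            # A context is user:role:type[:level]; the type is the third part.
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def summarize(lines):
    """Group denials by (source type, target type, class, perms)."""
    counts, names = Counter(), {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"])
        counts[key] += 1
        names.setdefault(key, set()).add(rec["name"])
    return [(key, counts[key], sorted(names[key])) for key in sorted(counts)]

if __name__ == "__main__":
    for (src, tgt, tclass, perms), n, objs in summarize(SAMPLE.splitlines()):
        print(f"{n}x {src} -> {tgt}:{tclass} {{ {' '.join(perms)} }} on {', '.join(objs)}")
```

The grouped output separates the two problems in the message: `named_t` is refused `search` on the `var_log_t` directory named `log`, and the `chcon` run is refused `relabelto` with `named_t` as the target type, the same type that appears as the process (source) type in the first group.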
