Hi there,

I spent a couple of hours trying to figure out why rsyslog was not sending
my logs to Elasticsearch, just to find out that SELinux was blocking it. So,
"setsebool -P nis_enabled 1" fixed that problem.

At this point rsyslog is sending logs to ES, but I see other SELinux errors
in /var/log/audit/audit.log. I am wondering if somebody already has an
SELinux policy for rsyslog that will fix these errors?

type=SYSCALL msg=audit(1482856936.276:870708): arch=c000003e syscall=21
success=no exit=-13 a0=7fb3c9c81680 a1=2 a2=d a3=7fb3dddb6180 items=0
ppid=1 pid=11505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rs:omelasticsea"
exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1482856936.311:870709): avc: denied { write } for
pid=11505 comm="rs:omelasticsea" name="cert9.db" dev="vda3" ino=653007
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:cert_t:s0 tclass=file
type=SYSCALL msg=audit(1482856936.311:870709): arch=c000003e syscall=2
success=no exit=-13 a0=7fb3c00823e0 a1=80042 a2=1a4 a3=7fb3c00823e0 items=0
ppid=1 pid=11505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rs:omelasticsea"
exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1482856936.346:870710): avc: denied { write } for
pid=11505 comm="rs:omelasticsea" name="key4.db" dev="vda3" ino=653010
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:cert_t:s0 tclass=file
type=SYSCALL msg=audit(1482856936.346:870710): arch=c000003e syscall=2
success=no exit=-13 a0=7fb3c00935e0 a1=80042 a2=1a4 a3=7fb3c00935e0 items=0
ppid=1 pid=11505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rs:omelasticsea"
exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)

Thanks,
Alec
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
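
Added example, not part of the original post: a small Python parser that pairs each AVC denial quoted above with the SYSCALL record sharing its audit serial number, then reports source type, target type, class, permission and the decoded open(2) flags. The sample lines are the post's own records unwrapped onto one line each; the function names are assumptions of this example.

```python
import re

# Constructed sample: two AVC/SYSCALL pairs from the post, unwrapped to one line per record.
SAMPLE = """\
type=AVC msg=audit(1482856936.311:870709): avc: denied { write } for pid=11505 comm="rs:omelasticsea" name="cert9.db" dev="vda3" ino=653007 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
type=SYSCALL msg=audit(1482856936.311:870709): arch=c000003e syscall=2 success=no exit=-13 a0=7fb3c00823e0 a1=80042 a2=1a4 a3=7fb3c00823e0 items=0 ppid=1 pid=11505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rs:omelasticsea" exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(1482856936.346:870710): avc: denied { write } for pid=11505 comm="rs:omelasticsea" name="key4.db" dev="vda3" ino=653010 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
type=SYSCALL msg=audit(1482856936.346:870710): arch=c000003e syscall=2 success=no exit=-13 a0=7fb3c00935e0 a1=80042 a2=1a4 a3=7fb3c00935e0 items=0 ppid=1 pid=11505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rs:omelasticsea" exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\([\d.]+:(\d+)\):")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# open(2) flag values on Linux x86_64 (octal, as in <fcntl.h>)
OPEN_FLAGS = {0o1: "O_WRONLY", 0o2: "O_RDWR", 0o100: "O_CREAT", 0o2000000: "O_CLOEXEC"}

def parse(text):
    """Group audit records by serial number: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record (blank or wrapped line)
        rtype, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            pm = PERMS.search(line)
            fields["perms"] = pm.group(1).split() if pm else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(text):
    """One dict per AVC denial, enriched from the SYSCALL record of the same event."""
    out = []
    for serial, recs in sorted(parse(text).items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc:
            continue  # SYSCALL record without a matching AVC in the excerpt
        flags = []
        if sc.get("arch") == "c000003e" and sc.get("syscall") == "2":  # open(2), x86_64
            a1 = int(sc["a1"], 16)  # audit logs syscall arguments in hex
            flags = [name for bit, name in OPEN_FLAGS.items() if a1 & bit]
        out.append({"serial": serial, "exe": sc.get("exe"), "name": avc.get("name"),
                    "source": avc["scontext"].split(":")[2], "target": avc["tcontext"].split(":")[2],
                    "tclass": avc["tclass"], "perms": avc["perms"], "open_flags": flags})
    return out

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Decoded, a1=80042 is O_RDWR|O_CREAT|O_CLOEXEC, so both denials come from read-write opens of cert9.db and key4.db by rsyslogd running as syslogd_t.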