Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 06-17-2008, 03:06 AM   #1
LQ Newbie
Registered: Jun 2008
Posts: 5

Rep: Reputation: 0
Angry SELinux blocks my changes in rsyslog.conf

I want to send messages from one fedora9 to another via rsyslog.
But SELinux doesn't accept my changed nothing works...

Can anybody help me?
I don't want to disable SELinux...

PS: If some of my questions will be stupid...sorry...I'm a newbie...

Best regards
Old 06-17-2008, 03:39 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
it's just a case of modifying your selinux rules to allow your changes. Obviously you need to pay as much attention to the selinux errors as possible to ensure that they are suitable to avoid (as opposed to other actions like using chcon to change the context of an incorrectly created config file etc...)

so you'd use the audit2allow command to inspect the dmesg buffer and provide you with rules to get around what is listed as denied in there.

first ensure you have the targeted policy sources installed:
yum -y install selinux-policy-targeted-sources
cd /etc/selinux/targeted/src/policy/
then update the policy to allow the denied avc:
audit2allow -d        # show knew rules
audit2allow -d -o /etc/selinux/targeted/src/policy/domains/misc/local.te        # add new rules to user policy
make reload        # build rules.
The last part may need to be done a number of times as everything will stop at a given denial, and once that is permitted others behind it can then be hit. but as log as you pay attention to the rules and can keep seeing additional rules that make sense and are new you'll be fine.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
rsyslog sometimes logs fqdn, sometimes just host name whysyn Linux - Software 3 06-03-2008 10:31 AM
Fedora 8 selinux blocks root cron but not user cron Infinity Fedora 7 11-29-2007 08:21 AM
anyone using rsyslog? slackamp Slackware 1 10-16-2007 09:55 PM
SElinux Disaster / Can't Login / X11 Blocks tarek_taha Fedora 5 06-08-2006 08:29 AM
selinux:policy.conf silvercloud Linux - Enterprise 0 08-23-2005 04:38 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:29 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration