SELINUX : Syslog_disable_trans

spbalamurugan · 03-19-2009, 06:05 AM

Hi,

Previously, I have tried the following command to enable syslog_disable_trans in SELinux.

setsebool -P syslog_disable_trans =1 and reboot the pc.

Currently, I want to disable to syslog_disable_trans in SELinux . i have tried it .But i got the following errors.

[root@localhost ~]# setsebool -P syslog_disable_trans=0
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean syslog_disable_trans
Could not change policy booleans

is any other way to disable syslog_disable_trans in SELinux.

It is high priority for me. Kindly do the needful.

Thanks,
balamurugan sengoden

slimm609 · 03-19-2009, 06:27 AM

did you check the /etc/selinux/<policy>/booleans and see if it exists. It might not be using that one (technically you dont need anything in that file. I keep mine blank and let only the policy decide) but you might just need to create a policy module for syslog.

also please state you distro and policy so that we can help with specifics

spbalamurugan · 03-20-2009, 12:33 AM

Hi ,

I have tried to view that file (/etc/selinux/syslog_disable_trans/booleans). There is no files under the folder. FYI. I am using RHEL 5.2 Version. I have attached getsebool -a command in following

[root@localhost ~]# getsebool -a | more
NetworkManager_disable_trans --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> off
allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> on
allow_httpd_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> off
allow_mounton_anydir --> on
allow_nfsd_anon_write --> off
allow_polyinstantiation --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_unconfined_execmem_dyntrans --> off
allow_unlabeled_packets --> on
allow_ypbind --> off
allow_zebra_write_config --> on
amanda_disable_trans --> off
amavis_disable_trans --> off
apmd_disable_trans --> off
arpwatch_disable_trans --> off
auditd_disable_trans --> off
automount_disable_trans --> off
avahi_disable_trans --> off
bluetooth_disable_trans --> off
canna_disable_trans --> off
cardmgr_disable_trans --> off
ccs_disable_trans --> off
clamd_disable_trans --> off
clamscan_disable_trans --> off
clvmd_disable_trans --> off
comsat_disable_trans --> off
crond_disable_trans --> off
cupsd_config_disable_trans --> off
cupsd_disable_trans --> off
cupsd_lpd_disable_trans --> off
cvs_disable_trans --> off
cyrus_disable_trans --> off
dbskkd_disable_trans --> off
dccd_disable_trans --> off
dccifd_disable_trans --> off
dccm_disable_trans --> off
dhcpc_disable_trans --> off
dhcpd_disable_trans --> off
dovecot_disable_trans --> off
fcron_crond --> off
fetchmail_disable_trans --> off
fingerd_disable_trans --> off
freshclam_disable_trans --> off
fsdaemon_disable_trans --> off
ftp_home_dir --> off
ftpd_disable_trans --> off
ftpd_is_daemon --> on
global_ssp --> off
gpm_disable_trans --> off
gssd_disable_trans --> off
hald_disable_trans --> off
hotplug_disable_trans --> off
howl_disable_trans --> off
hplip_disable_trans --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_rotatelogs_disable_trans --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> off
httpd_unified --> on
inetd_child_disable_trans --> off
inetd_disable_trans --> off
innd_disable_trans --> off
irqbalance_disable_trans --> off
iscsid_disable_trans --> off
kadmind_disable_trans --> off
klogd_disable_trans --> off
krb5kdc_disable_trans --> off
ktalkd_disable_trans --> off
lpd_disable_trans --> off
mailman_mail_disable_trans --> off
mdadm_disable_trans --> off
mysqld_disable_trans --> on
nagios_disable_trans --> off
named_disable_trans --> off
named_write_master_zones --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_disable_trans --> off
nmbd_disable_trans --> off
nrpe_disable_trans --> off
nscd_disable_trans --> off
ntpd_disable_trans --> off
oddjob_disable_trans --> off
oddjob_mkhomedir_disable_trans --> off
openvpn_disable_trans --> off
pcscd_disable_trans --> off
pegasus_disable_trans --> off
portmap_disable_trans --> off
postfix_disable_trans --> off
postgresql_disable_trans --> off
pppd_can_insmod --> off
pppd_disable_trans --> off
pptp_disable_trans --> off
privoxy_disable_trans --> off
ptal_disable_trans --> off
pyzord_disable_trans --> off
radiusd_disable_trans --> off
radvd_disable_trans --> off
rdisc_disable_trans --> off
read_default_t --> on
readahead_disable_trans --> off
restorecond_disable_trans --> off
rhgb_disable_trans --> off
ricci_disable_trans --> off
ricci_modclusterd_disable_trans --> off
rlogind_disable_trans --> off
rpcd_disable_trans --> off
rshd_disable_trans --> off
rsync_disable_trans --> off
samba_enable_home_dirs --> off
samba_share_nfs --> off
saslauthd_disable_trans --> off
secure_mode_insmod --> off
secure_mode_policyload --> on
setrans_disable_trans --> off
setroubleshootd_disable_trans --> off
slapd_disable_trans --> off
smbd_disable_trans --> off
snmpd_disable_trans --> off
spamd_disable_trans --> off
spamd_enable_home_dirs --> on
squid_connect_any --> off
squid_disable_trans --> off
stunnel_disable_trans --> off
stunnel_is_daemon --> off
swat_disable_trans --> off
syslogd_disable_trans --> on
tcpd_disable_trans --> off
telnetd_disable_trans --> off
tftpd_disable_trans --> off
tzdata_disable_trans --> off
udev_disable_trans --> off
use_lpd_server --> off
use_nfs_home_dirs --> off
use_samba_home_dirs --> off
uucpd_disable_trans --> off
winbind_disable_trans --> off
xdm_disable_trans --> off
xend_disable_trans --> off
xfs_disable_trans --> off
xm_disable_trans --> off
ypbind_disable_trans --> off
yppasswdd_disable_trans --> off
ypserv_disable_trans --> off
ypxfr_disable_trans --> off
zebra_disable_trans --> off
-------------------------

I have attached /etc/selinux/config . it is enforcing state and targeted .

Could you please explain step by step to correct the problem. I am not well verse in RHEL. I am basic learner. Could you please do the needful

chrism01 · 03-20-2009, 12:42 AM

You've got a typo:

as per your list, its syslogd_disable_trans, not syslog_disable_trans ie syslogd_... not syslog_... note the d for daemon there.

spbalamurugan · 03-20-2009, 01:56 AM

Thanks for pointing my mistake. I have tried it with following command with syslogd.

[root@localhost ~]# setsebool -P syslogd_disable_trans=0

libsemanage.bool_commit_list: libselinux commit failed
libsemanage.bool_commit_list: could not commit boolean list
libsemanage.dbase_activedb_flush: could not flush active database
libsemanage.semanage_commit_components: could not commit local/active modifications
Could not change policy booleans
---------------------
[root@localhost ~]# setsebool -P syslogd_disable_trans=off
libsemanage.bool_commit_list: libselinux commit failed
libsemanage.bool_commit_list: could not commit boolean list
libsemanage.dbase_activedb_flush: could not flush active database
libsemanage.semanage_commit_components: could not commit local/active modifications
Could not change policy booleans
-------------------

Could you please do the needful.