LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-19-2009, 06:05 AM   #1
spbalamurugan
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
SELINUX : Syslog_disable_trans


Hi,

Previously, I have tried the following command to enable syslog_disable_trans in SELinux.

setsebool -P syslog_disable_trans =1 and reboot the pc.

Currently, I want to disable to syslog_disable_trans in SELinux . i have tried it .But i got the following errors.

[root@localhost ~]# setsebool -P syslog_disable_trans=0
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean syslog_disable_trans
Could not change policy booleans


is any other way to disable syslog_disable_trans in SELinux.

It is high priority for me. Kindly do the needful.


Thanks,
balamurugan sengoden
 
Old 03-19-2009, 06:27 AM   #2
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
did you check the /etc/selinux/<policy>/booleans and see if it exists. It might not be using that one (technically you dont need anything in that file. I keep mine blank and let only the policy decide) but you might just need to create a policy module for syslog.

also please state you distro and policy so that we can help with specifics
 
Old 03-20-2009, 12:33 AM   #3
spbalamurugan
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
SELINUX :syslog_disable_trans

Hi ,

I have tried to view that file (/etc/selinux/syslog_disable_trans/booleans). There is no files under the folder. FYI. I am using RHEL 5.2 Version. I have attached getsebool -a command in following

[root@localhost ~]# getsebool -a | more
NetworkManager_disable_trans --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> off
allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_gssd_read_tmp --> on
allow_httpd_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
allow_java_execstack --> off
allow_kerberos --> on
allow_mount_anyfile --> off
allow_mounton_anydir --> on
allow_nfsd_anon_write --> off
allow_polyinstantiation --> off
allow_rsync_anon_write --> off
allow_saslauthd_read_shadow --> off
allow_smbd_anon_write --> off
allow_unconfined_execmem_dyntrans --> off
allow_unlabeled_packets --> on
allow_ypbind --> off
allow_zebra_write_config --> on
amanda_disable_trans --> off
amavis_disable_trans --> off
apmd_disable_trans --> off
arpwatch_disable_trans --> off
auditd_disable_trans --> off
automount_disable_trans --> off
avahi_disable_trans --> off
bluetooth_disable_trans --> off
canna_disable_trans --> off
cardmgr_disable_trans --> off
ccs_disable_trans --> off
clamd_disable_trans --> off
clamscan_disable_trans --> off
clvmd_disable_trans --> off
comsat_disable_trans --> off
crond_disable_trans --> off
cupsd_config_disable_trans --> off
cupsd_disable_trans --> off
cupsd_lpd_disable_trans --> off
cvs_disable_trans --> off
cyrus_disable_trans --> off
dbskkd_disable_trans --> off
dccd_disable_trans --> off
dccifd_disable_trans --> off
dccm_disable_trans --> off
dhcpc_disable_trans --> off
dhcpd_disable_trans --> off
dovecot_disable_trans --> off
fcron_crond --> off
fetchmail_disable_trans --> off
fingerd_disable_trans --> off
freshclam_disable_trans --> off
fsdaemon_disable_trans --> off
ftp_home_dir --> off
ftpd_disable_trans --> off
ftpd_is_daemon --> on
global_ssp --> off
gpm_disable_trans --> off
gssd_disable_trans --> off
hald_disable_trans --> off
hotplug_disable_trans --> off
howl_disable_trans --> off
hplip_disable_trans --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_rotatelogs_disable_trans --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> off
httpd_unified --> on
inetd_child_disable_trans --> off
inetd_disable_trans --> off
innd_disable_trans --> off
irqbalance_disable_trans --> off
iscsid_disable_trans --> off
kadmind_disable_trans --> off
klogd_disable_trans --> off
krb5kdc_disable_trans --> off
ktalkd_disable_trans --> off
lpd_disable_trans --> off
mailman_mail_disable_trans --> off
mdadm_disable_trans --> off
mysqld_disable_trans --> on
nagios_disable_trans --> off
named_disable_trans --> off
named_write_master_zones --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_disable_trans --> off
nmbd_disable_trans --> off
nrpe_disable_trans --> off
nscd_disable_trans --> off
ntpd_disable_trans --> off
oddjob_disable_trans --> off
oddjob_mkhomedir_disable_trans --> off
openvpn_disable_trans --> off
pcscd_disable_trans --> off
pegasus_disable_trans --> off
portmap_disable_trans --> off
postfix_disable_trans --> off
postgresql_disable_trans --> off
pppd_can_insmod --> off
pppd_disable_trans --> off
pptp_disable_trans --> off
privoxy_disable_trans --> off
ptal_disable_trans --> off
pyzord_disable_trans --> off
radiusd_disable_trans --> off
radvd_disable_trans --> off
rdisc_disable_trans --> off
read_default_t --> on
readahead_disable_trans --> off
restorecond_disable_trans --> off
rhgb_disable_trans --> off
ricci_disable_trans --> off
ricci_modclusterd_disable_trans --> off
rlogind_disable_trans --> off
rpcd_disable_trans --> off
rshd_disable_trans --> off
rsync_disable_trans --> off
samba_enable_home_dirs --> off
samba_share_nfs --> off
saslauthd_disable_trans --> off
secure_mode_insmod --> off
secure_mode_policyload --> on
setrans_disable_trans --> off
setroubleshootd_disable_trans --> off
slapd_disable_trans --> off
smbd_disable_trans --> off
snmpd_disable_trans --> off
spamd_disable_trans --> off
spamd_enable_home_dirs --> on
squid_connect_any --> off
squid_disable_trans --> off
stunnel_disable_trans --> off
stunnel_is_daemon --> off
swat_disable_trans --> off
syslogd_disable_trans --> on
tcpd_disable_trans --> off
telnetd_disable_trans --> off
tftpd_disable_trans --> off
tzdata_disable_trans --> off
udev_disable_trans --> off
use_lpd_server --> off
use_nfs_home_dirs --> off
use_samba_home_dirs --> off
uucpd_disable_trans --> off
winbind_disable_trans --> off
xdm_disable_trans --> off
xend_disable_trans --> off
xfs_disable_trans --> off
xm_disable_trans --> off
ypbind_disable_trans --> off
yppasswdd_disable_trans --> off
ypserv_disable_trans --> off
ypxfr_disable_trans --> off
zebra_disable_trans --> off
-------------------------


I have attached /etc/selinux/config . it is enforcing state and targeted .

Could you please explain step by step to correct the problem. I am not well verse in RHEL. I am basic learner. Could you please do the needful
 
Old 03-20-2009, 12:42 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,377

Rep: Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755Reputation: 2755
You've got a typo:

as per your list, its syslogd_disable_trans, not syslog_disable_trans ie syslogd_... not syslog_... note the d for daemon there.
 
Old 03-20-2009, 01:56 AM   #5
spbalamurugan
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
SELinux

Thanks for pointing my mistake. I have tried it with following command with syslogd.

[root@localhost ~]# setsebool -P syslogd_disable_trans=0

libsemanage.bool_commit_list: libselinux commit failed
libsemanage.bool_commit_list: could not commit boolean list
libsemanage.dbase_activedb_flush: could not flush active database
libsemanage.semanage_commit_components: could not commit local/active modifications
Could not change policy booleans
---------------------
[root@localhost ~]# setsebool -P syslogd_disable_trans=off
libsemanage.bool_commit_list: libselinux commit failed
libsemanage.bool_commit_list: could not commit boolean list
libsemanage.dbase_activedb_flush: could not flush active database
libsemanage.semanage_commit_components: could not commit local/active modifications
Could not change policy booleans
-------------------

Could you please do the needful.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM
want to know about SElinux mrgkavitha Linux - Kernel 3 12-19-2008 11:25 AM
SELinux Vagrant Arch 3 02-24-2006 09:06 PM
what is selinux? mesh2005 Linux - General 2 01-04-2006 11:33 AM
selinux.h ? DJ Shaji Red Hat 1 03-26-2005 12:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration