named log with selinux

Farkas Levente lfarkas at bppiac.hu
Wed Mar 23 08:54:07 UTC 2005


hi,
it seems there is no named_log_t defined in the current selinux policy 
files (both on rhel4 and fc3). it would be useful to define such a type: even if 
the current default named doesn't log anything, somebody (like me) might 
like to log something, and then you get the following errors:
---------------------------------
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc:  denied  { search } for  pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'update_log' file '/var/log/named-update': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.309:0): avc:  denied  { search } for  pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'query_log' file '/var/log/named-query': permission denied
Mar 23 09:40:34 blue kernel: audit(1111567234.310:0): avc:  denied  { search } for  pid=2775 exe=/usr/sbin/named name=log dev=md0 ino=4669462 scontext=root:system_r:named_t tcontext=system_u:object_r:var_log_t tclass=dir
Mar 23 09:40:34 blue named[2774]: logging channel 'security_log' file '/var/log/named-auth': permission denied
---------------------------------
what's more (i don't know why), when i try to relabel the log files to 
named_t i've got these errors:
---------------------------------
Mar 23 09:50:54 blue kernel: audit(1111567854.706:0): avc:  denied  { relabelto } for  pid=2922 exe=/usr/bin/chcon name=named-auth dev=md0 ino=4670608 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc:  denied  { relabelto } for  pid=2922 exe=/usr/bin/chcon name=named-query dev=md0 ino=4670491 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
Mar 23 09:50:54 blue kernel: audit(1111567854.707:0): avc:  denied  { relabelto } for  pid=2922 exe=/usr/bin/chcon name=named-update dev=md0 ino=4669631 scontext=root:system_r:unconfined_t tcontext=root:object_r:named_t tclass=file
---------------------------------
any tip?
thanks in advance.
yours.


-- 
   Levente                               "Si vis pacem para bellum!"
