Gentoo Archives: gentoo-hardened

From: nixnut <nixnut@×××××××.nl>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] syslog-ng wants to read /proc/kmsg. why?
Date: Sun, 15 Aug 2004 13:39:07
Message-Id: 411F67E6.6090706@tiscali.nl
Hello,

Googling and bugs.gentoo.org didn't help so I'm trying here.

For some reason syslog-ng finds it necessary to write to /proc/kmsg. The
policy does not allow this, so syslog-ng fails to start. Syslog-ng
complains that it can't open /proc/kmsg for reading, but according to
the policy it does have the rights to do so.

Changing "allow syslogd_t proc_kmsg_t:file { getattr read};" in
syslog.td into "allow syslogd_t proc_kmsg_t:file { getattr read write};"
gets rid of the error, but why does syslog-ng need write access to
/proc/kmsg? That doesn't make sense to me.

Is the policy on my system wrong or is syslog-ng configured wrong?
Looking at syslog-ng.conf it looks like syslog-ng doesn't open
/proc/kmsg as a file, but as a socket. Is that causing the problem or is
it something else?
Changing syslog-ng.conf and replacing "pipe" with "file" results in
complaints about failing socket operations on non-socket objects, so
that doesn't help either.

avc message:
-----------------
avc: denied { write } for pid=5029 exe=/usr/sbin/syslog-ng name=kmsg
dev= ino=4106 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:proc_kmsg_t tclass=file


From syslog.td:
--------------------
ifdef(`klogd.te', `', `
# Allow access to /proc/kmsg for syslog-ng
allow syslogd_t proc_t:dir search;
allow syslogd_t proc_kmsg_t:file { getattr read};
allow syslogd_t kernel_t:system { syslog_mod syslog_console };


From /etc/syslog-ng/syslog-ng.conf:
--------------------------------------------
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };


System config:
--------
kernel hardened-dev-sources-2.6.5
syslog-ng-1.6.4
x86 arch (athlon-tbird)


If someone can help me understand what's going on and what should be
done to get syslog-ng running without complaints, I'd be most grateful.

regards,
nixnut

--
gentoo-hardened@g.o mailing list
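
An added example, not part of the original message and not code from the SELinux or syslog-ng projects: a short Python check that compares the AVC denial quoted above with the allow rules quoted from syslog.td and reports which permission the policy lacks. The function names are hypothetical, the AVC line is the message's wrapped text rejoined onto one line, and the rule parser assumes only the simple `allow` form shown in the post (no attributes, sets or m4 macros).

```python
import re

# Values copied from the post above: the denial and the rules from syslog.td.
AVC = ("avc: denied { write } for pid=5029 exe=/usr/sbin/syslog-ng name=kmsg "
       "dev= ino=4106 scontext=system_u:system_r:syslogd_t "
       "tcontext=system_u:object_r:proc_kmsg_t tclass=file")
POLICY = """
allow syslogd_t proc_t:dir search;
allow syslogd_t proc_kmsg_t:file { getattr read};
allow syslogd_t kernel_t:system { syslog_mod syslog_console };
"""

def parse_avc(line):
    """Return (source_type, target_type, class, denied_perms) or None."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    try:
        # Contexts are user:role:type; the type is what allow rules match on.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], set(m.group(1).split())
    except (KeyError, IndexError):
        return None

def parse_allow_rules(text):
    """Map (source, target, class) -> set of permissions from simple allow rules."""
    rules = {}
    pat = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
    for src, tgt, cls, braced, single in pat.findall(text):
        rules.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return rules

def missing_permissions(avc_line, policy_text):
    """Permissions the denial asked for that no matching allow rule grants."""
    parsed = parse_avc(avc_line)
    if parsed is None:
        raise ValueError("not an AVC denial")
    stype, ttype, tclass, denied = parsed
    granted = parse_allow_rules(policy_text).get((stype, ttype, tclass), set())
    return {"key": (stype, ttype, tclass), "granted": granted,
            "missing": denied - granted}

if __name__ == "__main__":
    r = missing_permissions(AVC, POLICY)
    print("%s -> %s:%s granted=%s missing=%s"
          % (*r["key"], sorted(r["granted"]), sorted(r["missing"])))
```

A denial that names only `write` while `read` is already granted is what an open of /proc/kmsg in read-write mode would produce; the script reports the gap and leaves the decision about widening the rule to the policy author.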

Replies

Subject Author
Re: [gentoo-hardened] syslog-ng wants to read /proc/kmsg. why? Chris PeBenito <pebenito@g.o>