[DSE-User] avc: denied { search } for pid=1177 comm="rsyslogd" name="spool"

Eggert Ehmke eggert.ehmke at berlin.de
Sun Mar 4 16:35:34 UTC 2012 

Hello, I am new to SELinux and installed the debian packages on a running 
stable (6.0.4 Squeeze) Intel Quadcore 64bit system, following this guide: 
http://wiki.debian.org/SELinux/
The installation went smoothly, no problems so far. But when I reboot the 
system in enforcing mode, the boot process will die when trying to load the 
lvm2. When booted in permissive mode, I get these errors in dmesg:

[   10.937036] type=1400 audit(1330856386.116:7): avc:  denied  { search } for  
pid=1177 comm="rsyslogd" name="spool" dev=dm-0 ino=425985 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
[   10.955520] type=1400 audit(1330856386.131:8): avc:  denied  { write } for  
pid=1177 comm="rsyslogd" name="dev" dev=dm-0 ino=442375 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
[   10.955565] type=1400 audit(1330856386.131:9): avc:  denied  { add_name } 
for  pid=1177 comm="rsyslogd" name="log" 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
[   10.955651] type=1400 audit(1330856386.131:10): avc:  denied  { create } 
for  pid=1177 comm="rsyslogd" name="log" 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
[   10.967624] type=1400 audit(1330856386.143:11): avc:  denied  { setattr } 
for  pid=1177 comm="rsyslogd" name="log" dev=dm-0 ino=442370 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file

and some more. I guess when I learn how to solve the rsyslogd related 
problems, I will be able to solve the others too. 

I understand that I am supposed to create some local policy rules. But all 
Howtos seem to assume that this is a simple task that must not be explained in 
detail. What am I missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/selinux-user/attachments/20120304/bd5eaeed/attachment.html>

More information about the Selinux-user mailing list