[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20050405: syslogd logging under Fedora Core 3 Linux (cont.)



>From: Waldenio Almeida <address@hidden>
>Organization:  INPE/CPTEC
>Keywords:  200504041938.j34Jc9v2029396 LDM Fedora Core 3 syslog

Hi Waldenio,

re:
>> Under Fedora Core 3, there is an additional configuration that
>> must be done for the LDM syslogd logging to work (by default
>> syslogd is restricted to log for a certain set of facilities
>> and in a restricted of directories; this must be changed):
>> 
>> <as 'root'>
>> cd /etc/selinux
>> 
>> -- modify the file 'config' and set the value of SELINUX to be
>>    'disabled':
>> 
>> SELINUX=disabled
>> 
>> You will need to reboot to make this modification active to get syslogd
>> logging working..
>
>
>Sorry, this didn't work. :-(

It is odd that setting SELINUX to 'disabled' did not work on your system.
Did you reboot after the modification?

Is it possible that you added a second SELINUX= line to the file instead
of changing the original line from:

SELINUX=enforcing

to:

SENINUX=disabled

We are running the LDM on about 10 Fedora Core 3 Linux systems, and in each
case we were able to get syslogd logging to work by making sure that the
definition of SELINUX was 'disabled' in /etc/selinux/config.  In all cases,
a reboot was necessary for the change to take effect.

For reference, our /etc/selinux/config files all look like:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcinfg - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled

# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=strict 

>>From address@hidden  Tue Apr  5 07:02:59 2005
>
>Hello.
>
>I just manage to do the syslogd to work ! :-)
>
>I find a line before that I added:
>
>SELINUX=enforcing
>
>and commented it (!)

This was the line I was advising you to change:

change from:

SELINUX=enforcing

to:

SELINUX=disabled

>> and in a restricted of directories; this must be changed):
>> 
>> <as 'root'>
>> cd /etc/selinux
>> 
>> -- modify the file 'config' and set the value of SELINUX to be
>>    'disabled':
>> 
>> SELINUX=disabled
>> 
>> You will need to reboot to make this modification active to get syslogd
> logging working..

Cheers,

Tom
--
NOTE: All email exchanges with Unidata User Support are recorded in the
Unidata inquiry tracking system and then made publicly available
through the web.  If you do not want to have your interactions made
available in this way, you must let us know in each email you send to us.

>Date: Tue, 05 Apr 2005 11:14:52 -0300
>From: Waldenio Almeida <address@hidden>
>Subject: selinux ok.

>Hi Tom,

>You're right. Before I add a line.

>Now I change the line and added these
>instructions to my guide. 

>Thanks,
>Waldenio.