why syslog-ng cannot startup with SELinux TYPE syslogd_exec_t?

Question

I have syslog-ng installed on CentOS 5.7 system with SELinux enforcing.

i cannot startup syslog-ng service by "service syslog-ng start", because of the error:

[root@localhost ~]# service syslog-ng start
Starting syslog-ng: 
GThread-ERROR **: file gthread-posix.c: line 135 (): error 'Operation not permitted' during 'pthread_getschedparam (pthread_self(), &policy, &sched)'
aborting...
                                                           [FAILED]

i checked by google and get as below:

This is probably related to your SELinux policy, which does not allow syslog-ng  get the scheduler parameters. 

and i can see SELinux type by

[root@localhost ~]# ls -lZ /sbin/syslog*
-rwxr-xr-x  root root system_u:object_r:syslogd_exec_t /sbin/syslogd
-rwxr-xr-x  root root system_u:object_r:syslogd_exec_t /sbin/syslog-ng

but with the same SELinux type "syslogd_exec_t", syslogd can be startup by "service syslog start", why SELinux cannot allow syslog-ng startup? i think they all need to get "scheduler parameter".

and how could i make syslog-ng works with SELinux type "syslogd_exec_t", because natually they all works for syslog mechanism.

thanks, EM

Answer 1

Look at /var/log/audit/audit.log to see what actions (if any) have been denied by SE Linux.

If SE Linux has denied access then the command "audit2allow" can be used to generate policy to allow those actions. Don't blindly allow all operations, just allow the ones that seem relevant.