
(Fwd) Re: more things to do



Brian and John,

Thanks for the research.  This information is useful for our support
staff to be aware of and would be good for the tracking system too.
As such, I'll forward the relevant portions:

mike

> The bette syslog problem is a little more complicated.  Fedora Core 3
> now ships with a security enhanced kernel called selinux which prevents
> users from accessing parts of the filesystem.  These restrictions
> include the root user and also control what can write where.
>
> I worked with Steve to pinpoint the symptoms.  There were two:
>
> 1) The syslog daemon, even though it is running as root, can not write
> to a file in a directory unless the file is either owned by root or the
> file has group write permissions.
>
> 2) The syslog daemon does not write to files outside of /var/log.
>
> To fix the problem, John suggested changing the /etc/selinux/config file
> so that SELINUX was set to disabled or permissive and rebooting (as it
> is a kernel module).  This got rid of the symptoms, but disabled the FC3
> security features.  I told Steve I would look into the selinux
> configuration to see if I could suggest a way to open the permissions
> slightly instead of turning the service off.
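
An added example, not part of the original email: in permissive mode SELinux logs denials without enforcing them, so a summary of the AVC messages for the syslog daemon shows which file types it is being refused and therefore which permission would need opening. The log lines are constructed, in the AVC denial layout of 2.6-era kernels; the contexts, pids, file names and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample kernel log lines in the AVC denial layout of 2.6-era
# SELinux kernels. Pids, inode numbers, file names and the target types
# are made up for illustration and are not taken from the email.
SAMPLE_LOG = """\
Jan 10 09:14:02 host kernel: audit(1105366442.101:0): avc:  denied  { append } for  pid=1802 exe=/sbin/syslogd name=app.log dev=hda2 ino=48211 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Jan 10 09:14:02 host kernel: audit(1105366442.105:0): avc:  denied  { append } for  pid=1802 exe=/sbin/syslogd name=app.log dev=hda2 ino=48211 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=file
Jan 10 09:15:40 host kernel: audit(1105366540.220:0): avc:  denied  { write } for  pid=1802 exe=/sbin/syslogd name=logs dev=hda2 ino=48200 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:usr_t tclass=dir
Jan 10 09:16:11 host kernel: audit(1105366571.007:0): avc:  denied  { read } for  pid=2144 exe=/usr/sbin/httpd name=index.html dev=hda2 ino=5120 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Jan 10 09:16:30 host crond[2201]: (root) CMD (run-parts /etc/cron.hourly)
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    # A security context is user:role:type; the type is the third field.
    rec["source_type"] = rec.get("scontext", "::").split(":")[2]
    rec["target_type"] = rec.get("tcontext", "::").split(":")[2]
    return rec

def summarize_denials(log_text, source_type=None):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or (source_type and rec["source_type"] != source_type):
            continue
        for perm in rec["perms"]:
            key = (rec["source_type"], rec["target_type"], rec.get("tclass", "?"), perm)
            counts[key] += 1
    return counts

if __name__ == "__main__":
    # Show only what the syslog daemon's domain was denied.
    for (src, tgt, cls, perm), n in sorted(summarize_denials(SAMPLE_LOG, "syslogd_t").items()):
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}")
```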