selinux question

Rick Stevens ricks at alldigital.com
Wed Oct 28 23:51:07 UTC 2015


On 10/28/2015 03:56 PM, Paolo Galtieri wrote:
> I have 2 systems running f22.  On these 2 systems I have set up snort. On
> both these systems snort logs to directory /var/log/snort.  On both
> these systems /var/log/snort is owned by user snort and group snort.
> However, on one of the systems I cannot write to /var/log/snort as user
> snort.
>
> On the system that works
>
> /bin/ls -ldZ /var/log/snort
>
> lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 34 Oct 22
> 12:54 /var/log/snort -> /media/NSM/NSM-SENSOR-1/logs/snort
>
> /bin/ls -ldZ /media/NSM/NSM-SENSOR-1/logs/snort
> drwxr-xr-x. 2 snort snort unconfined_u:object_r:colord_var_lib_t:s0 4096
> Oct 27 10:50 /media/NSM/NSM-SENSOR-1/logs/snort
>
>
> On the system that fails
>
> /bin/ls -ldZ /var/log/snort
> lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24
> 17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> /bin/ls -ldZ /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
> drwxr-xr-x. 2 snort snort unconfined_u:object_r:unlabeled_t:s0 4096 Oct
> 28 15:31 /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
>
> Note that on the failing system the selinux context shows the directory
> has unlabeled_t context while on the working system it's
> colord_var_lib_t.  I set this at some point (I think), but I forget how
> I did it :-(
>
> I have also set up user snort so that I can login to the account and I get
>
> su - snort
> Password:
> su: warning: cannot change directory to /var/log/snort: Permission denied
> -bash: /var/log/snort/.bash_profile: Permission denied
>
> I can write to the directory if I do
>
> sudo touch /var/log/snort/testfile
>
> So what do I need to do to fix this so I can get snort to write to its
> log directory?
>
> Any assistance is appreciated.

Check the permissions and ownership of each component in the path
/run/media/pgaltieri/NEWDATA2/NSM/logs/snort. One of the components
is either not permitting read or execute (traverse in the case of
directories) permission to user snort in the case of the .bashrc
or write or execute permission to user snort in the case of trying
to write log files. I don't think it's an selinux issue per se.

Note that "sudo touch" does that as root and root can do anything it
wants (as long as selinux permits it).
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
- Grabel's Law: 2 is not equal to 3--not even for large values of 2. -
----------------------------------------------------------------------
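The check the reply describes, walking every component of the resolved log path and looking at its mode, owner, group and SELinux context, as an added example (not from the thread, and not snort's or Fedora's own tooling). It assumes GNU coreutils (`stat -c`, `readlink -f`); the path in the usage line is a constructed placeholder, and the traversal check only looks at the "other" execute bit, so group membership of the snort user is not evaluated.

```shell
#!/bin/sh
# Added example: report each directory on the way down to a log path,
# so a component that denies traverse (execute) to user snort, or that
# carries an unexpected SELinux type such as unlabeled_t, stands out.
# Assumes GNU coreutils. The path used at the bottom is a constructed
# placeholder, not the poster's real path.

# Print every prefix of the fully resolved path, shortest first.
# readlink -f follows the /var/log/snort symlink to its real target.
path_components() {
    full=$(readlink -f "$1") || return 1
    acc=""
    printf '%s\n' "/"
    oldifs=$IFS; IFS=/; set -f
    for part in $full; do
        [ -n "$part" ] || continue
        acc="$acc/$part"
        printf '%s\n' "$acc"
    done
    set +f; IFS=$oldifs
}

# Extract the type field (third colon-separated field) of a context
# string such as unconfined_u:object_r:unlabeled_t:s0 -> unlabeled_t.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# One line per component: mode owner group selinux-context path.
# GNU stat prints "?" for %C on hosts without SELinux support.
walk_path() {
    while IFS= read -r p; do
        printf '%s %s\n' "$(stat -c '%A %U %G %C' "$p")" "$p"
    done <<EOF
$(path_components "$1")
EOF
}

# Print the first directory on the path whose "other" execute bit is
# clear, i.e. the component an unprivileged user cannot traverse.
# Returns 1 when such a component exists, 0 when the path is open.
first_blocked_component() {
    while IFS= read -r p; do
        [ -d "$p" ] || continue
        case "$(stat -c '%A' "$p")" in
            *x|*t) ;;                       # others may traverse
            *) printf '%s\n' "$p"; return 1 ;;
        esac
    done <<EOF
$(path_components "$1")
EOF
    return 0
}

# Usage (constructed placeholder path):
#   walk_path /var/log/snort
#   first_blocked_component /var/log/snort || echo "traverse denied above"
```

Run `walk_path` against the symlink itself; because the components are taken from the resolved target, the output covers the mount point under /run/media as well as everything below it. A directory reported by `first_blocked_component` is the one to fix with chmod (or by adjusting the mount options of the removable volume), while the context column shows where a `restorecon` or `semanage fcontext` rule would be needed if the type is not the one the snort policy expects.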

