Permission Denied (13) on service start

[agrajag9]

I'm using RHEL 5 and when attempting to start syslog-ng (version 2.0.10) it gives me this error:

Code:

Restarting syslog-ng: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'

Then if I check the status, it says it's running.

Here's my /etc/syslog-ng/syslog-ng.conf file:

Code:

# $Id: client-syslog-ng.conf,v 1.4 2005/10/23 18:36:10 jmates Exp $
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost. Listens only on localhost interface;
# requires "logs" user and group on system.
#
# Local logs are stored under /var/log/archive in a syslog-ng specific
# format that includes facility, priority, and a timestamp that includes
# the year.

options {
  log_fifo_size(4096);

  group(logs);
  dir_group(logs);

  create_dirs(yes);
  dir_perm(0750);
  perm(0640);
  use_time_recvd(no);

  use_fqdn(yes);
  chain_hostnames(no);
  keep_hostname(yes);

  stats(3600);
};

source local {
  unix-stream("/dev/log" max_connections(150));
  udp(ip(127.0.0.1) port(514));
  internal();
};

# all logs to loghost via TCP
filter notdebug { level(info...emerg); };
destination loghost { tcp("10.100.50.31" port(514)); };
log { source(local); destination(loghost); };

# emergency to more locations by default
filter emergency { level(emerg); };
destination allusers { usertty("*"); };
log { source(local); filter(emergency); destination(allusers); };

destination d_cons { file("/dev/console"); };
log { source(local); filter(emergency); destination(d_cons); };

# alternate locations for other logs to avoid need to logrotate and HUP
destination d_mesg {
  file( "/var/log/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
destination d_mail {
  file( "/var/log/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};

#filter f_e {
#not(facility(cron) and priority(info));
#};

filter f_filter1 { level(info...emerg) and not facility(mail); };
filter f_filter2 { facility(mail); };

log { source(local); filter(f_filter1); destination(d_mesg); };
log { source(local); filter(f_filter2); destination(d_mail); };

The permissions are -rw-r--r-- 1 root 1962 Jun  1 21:42 syslog-ng.conf

[mutex]

Do you have app armor running?

Did it work previously, and now doesn't work?

[agrajag9]

The system is using SElinux rather than AppArmor, and the config file was copied from another machine where it's working fine.

[mutex]

SElinux has app armor that is most likely preventing the file from being read.  Try turning off app armor and restart syslog-ng

[agrajag9]

 Incidentally, an upgrade to version 3 fixed the issue...

[mutex]

That is bizarre.  Thanks for coming back and letting me know how it turned out.