CentOS - Feb 2018 - selinux policy with rsyslog and tls/certs

I've setup my rsyslog server to forward traffic to another rsyslog 
server on my network. It's using gTLS to encrypt the messages in transit.

selinux is not allowing rsyslogd to read the certificates. They are 
world readable, so I don't think that is the problem. When I turn 
selinux mode to permissive, it works fine.

What context should the ssl certificates be in for rsyslog to be able to 
read them?

thanks.

On 2/13/2018 4:48 PM, John Ratliff wrote:
> I've setup my rsyslog server to forward traffic to another rsyslog 
> server on my network. It's using gTLS to encrypt the messages in
transit.
> 
> selinux is not allowing rsyslogd to read the certificates. They are 
> world readable, so I don't think that is the problem. When I turn 
> selinux mode to permissive, it works fine.
> 
> What context should the ssl certificates be in for rsyslog to be able to 
> read them?
> 
It worked when I set it to syslog_conf_t. Not sure if that's correct, 
but it functions.