diff --git a/build/linux/ARCH/hc-linux/.install b/build/linux/ARCH/hc-linux/.install index c99fce2..1e3bf30 100644 --- a/build/linux/ARCH/hc-linux/.install +++ b/build/linux/ARCH/hc-linux/.install @@ -40,6 +40,34 @@ post_install() { else echo "ERROR: could not locate or excute the HC main script (${HC_BIN})" fi + # set SELinux contexts for logrotate + SESTATUS_BIN=$(command -v sestatus 2>/dev/null) + if [[ -n "${SESTATUS_BIN}" ]] + then + IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null) + if (( IS_ENFORCING > 0 )) + then + SEMANAGE_BIN=$(command -v semanage 2>/dev/null) + if [[ -n "${SEMANAGE_BIN}" ]] + then + ${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?" + echo "INFO: SELinux fcontexts configured for log rotation" + if [[ -d ${HC_VAR_DIR} ]] + then + RESTORECON_BIN=$(command -v restorecon 2>/dev/null) + if [[ -n "${RESTORECON_BIN}" ]] + then + ${RESTORECON_BIN} -Frv ${HC_VAR_DIR} + echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation" + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation" + fi + fi + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation" + fi + fi + fi echo "INFO: finished post-install script" } diff --git a/build/linux/DEBIAN/hc-linux/postinst b/build/linux/DEBIAN/hc-linux/postinst index d8d990c..2419d98 100755 --- a/build/linux/DEBIAN/hc-linux/postinst +++ b/build/linux/DEBIAN/hc-linux/postinst @@ -43,4 +43,32 @@ then else echo "ERROR: could not locate or excute the HC main script (${HC_BIN})" fi +# set SELinux contexts for logrotate +SESTATUS_BIN=$(command -v sestatus 2>/dev/null) +if [[ -n "${SESTATUS_BIN}" ]] +then + IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null) + if (( IS_ENFORCING > 0 )) + then + SEMANAGE_BIN=$(command -v semanage 2>/dev/null) + if [[ -n "${SEMANAGE_BIN}" ]] + then + ${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?" + echo "INFO: SELinux fcontexts configured for log rotation" + if [[ -d ${HC_VAR_DIR} ]] + then + RESTORECON_BIN=$(command -v restorecon 2>/dev/null) + if [[ -n "${RESTORECON_BIN}" ]] + then + ${RESTORECON_BIN} -Frv ${HC_VAR_DIR} + echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation" + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation" + fi + fi + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation" + fi + fi +fi echo "INFO: finished post-install script" diff --git a/build/linux/SPECS/hc-linux.spec b/build/linux/SPECS/hc-linux.spec index 35b428e..f4ff623 100644 --- a/build/linux/SPECS/hc-linux.spec +++ b/build/linux/SPECS/hc-linux.spec @@ -88,6 +88,34 @@ then else echo "ERROR: could not locate or excute the HC main script (${HC_BIN})" fi +# set SELinux contexts for logrotate +SESTATUS_BIN=$(command -v sestatus 2>/dev/null) +if [[ -n "${SESTATUS_BIN}" ]] +then + IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null) + if (( IS_ENFORCING > 0 )) + then + SEMANAGE_BIN=$(command -v semanage 2>/dev/null) + if [[ -n "${SEMANAGE_BIN}" ]] + then + ${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?" + echo "INFO: SELinux fcontexts configured for log rotation" + if [[ -d ${HC_VAR_DIR} ]] + then + RESTORECON_BIN=$(command -v restorecon 2>/dev/null) + if [[ -n "${RESTORECON_BIN}" ]] + then + ${RESTORECON_BIN} -Frv ${HC_VAR_DIR} + echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation" + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation" + fi + fi + else + echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation" + fi + fi +fi echo "INFO: finished post-install script" %postun