logrotate: fix permission denied problem with SELinux on /var/opt/check_health.log #3

New Issue

patrick · 2019-05-30T11:03:48+02:00

patrick commented

2019-05-30 11:03:48 +02:00

/etc/cron.daily/logrotate:

error: stat of /var/opt/hc/check_health.sh.log failed: Permission denied

``` /etc/cron.daily/logrotate: error: stat of /var/opt/hc/check_health.sh.log failed: Permission denied ```

patrick self-assigned this 2019-05-30 11:03:48 +02:00

patrick added the

bug

linux

labels 2019-05-30 11:03:48 +02:00

patrick commented

2019-06-06 20:57:42 +02:00

Fix should be:

semanage fcontext -a -t var_log_t '/var/opt/hc(/check_health\.sh\.log.*)?'
restorecon -Frv /var/opt/hc/

But only when SELinux runs in enforced mode

Fix should be: ``` semanage fcontext -a -t var_log_t '/var/opt/hc(/check_health\.sh\.log.*)?' restorecon -Frv /var/opt/hc/ ``` But only when SELinux runs in *enforced* mode

patrick commented

2019-06-07 21:29:57 +02:00

How to create a new policy module:

# ausearch -c 'logrotate' --raw | audit2allow -M my-logrotate
# semodule -i my-logrotate.pp

How to create a new policy module: ``` # ausearch -c 'logrotate' --raw | audit2allow -M my-logrotate # semodule -i my-logrotate.pp ```

patrick closed this issue

2019-06-07 21:29:57 +02:00

patrick reopened this issue

2019-06-07 21:30:42 +02:00

patrick commented

2019-06-07 22:01:52 +02:00

Fixed in c08d63cb34

Fixed in c08d63cb34

patrick closed this issue

2019-06-07 22:01:52 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kudos/check_health#3