Bug 1016384
| Summary: | The owner of /var/log/openshift/site/devenv.log file is not consistant with other log file. | ||
|---|---|---|---|
| Product: | OpenShift Online | Reporter: | Yujie Zhang <yujzhang> |
| Component: | Website | Assignee: | Jessica Forrester <jforrest> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | libra bugs <libra-bugs> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 2.x | CC: | jforrest, xtian |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-24 03:23:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Yujie Zhang
2013-10-08 05:28:01 UTC
Commit pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/61f9e584f25bbcd5eeac9829f3a1c14a4c548341 Bug 1016384 - fix the owner of the site devenv.log file Tested on devenv_4030, the owner of the site devenv.log file has been changed to be root, so verify this bug, result is as following: [root@ip-10-100-215-134 ~]# ls -l /var/log/openshift/*/* -rw-rw----. 1 root libra_user 15885 Nov 13 21:31 /var/log/openshift/broker/development.log -rw-rw----. 1 root libra_user 0 Nov 13 18:57 /var/log/openshift/broker/production.log -rw-rw----. 1 root libra_user 14863 Nov 13 19:06 /var/log/openshift/broker/ruby193-mcollective-client.log -rw-rw----. 1 root libra_user 0 Nov 13 18:57 /var/log/openshift/broker/usage.log -rw-rw----. 1 root libra_user 6001 Nov 13 21:31 /var/log/openshift/broker/user_action.log -rw-rw----. 1 root root 102330 Nov 13 22:06 /var/log/openshift/node/cgroups.log -rw-rw----. 1 root root 0 Nov 13 19:00 /var/log/openshift/node/cgroups-trace.log -rw-rw----. 1 root root 31003 Nov 13 21:10 /var/log/openshift/node/platform.log -rw-rw----. 1 root root 32176 Nov 13 21:10 /var/log/openshift/node/platform-trace.log -rw-rw----. 1 root libra_user 0 Nov 13 18:58 /var/log/openshift/site/development.log -rw-rw----. 1 root libra_user 24943 Nov 13 21:35 /var/log/openshift/site/devenv.log -rw-rw----. 1 root libra_user 0 Nov 13 18:58 /var/log/openshift/site/production.log Commit pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/b244735885cf2de7d19997a71b6aa17797b71a5f rhc-devenv: Create devenv.log file Create an empty /var/log/openshift/site/devenv.log file. Otherwise, httpd fails to create devenv.log and instead generates AVC denials because httpd runs with an SELinux context with type httpd_t, /var/log/openshift/site has an SELinux context with type openshift_log_t, and current SELinux policy blocks an httpd_t process from writing to an openshift_log_t directory: % sesearch -A -s httpd_t -t openshift_log_t -c dir Found 1 semantic av rules: allow httpd_t file_type : dir { getattr search open } ; If the file exists, then SELinux policy does permit httpd to write to it: % sesearch -A -s httpd_t -t openshift_log_t -c file Found 1 semantic av rules: allow daemon logfile : file { ioctl getattr lock append } ; This commit is related to bug 1016384 and commit 61f9e584f25bbcd5eeac9829f3a1c14a4c548341. |