Bug 1064326
Summary: | SELinux prevents logrotate from reading /var/log/core directory | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Milos Malik <mmalik> | |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 6.5 | CC: | dwalsh, paulds, ssekidde | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.7.19-249.el6 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1064322 | |||
: | 1153333 (view as bug list) | Environment: | ||
Last Closed: | 2014-10-14 08:00:06 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1131460, 1153333 |
Description
Milos Malik
2014-02-12 12:36:20 UTC
No matter when bz#1066407 gets fixed, the /var/log/core directory should be labeled virt_log_t. sesearch -T | grep virt_cache_t type_transition svirt_tcg_t var_t : file virt_cache_t; type_transition svirt_t var_t : file virt_cache_t; type_transition svirt_tcg_t var_t : dir virt_cache_t; type_transition svirt_t var_t : dir virt_cache_t; THe only way I now of create a virt_cache_t dir would be via a filetrans rule from a var_t, could /var/log have been mislabeled as var_t rather then var_log_t? The problem is in the package, it brings own labeling pattern (see also bz#1066407): # rpm -q --scripts vdsm | grep semanage /usr/sbin/semanage fcontext -a -t virt_cache_t '/var/log/core(/.*)?' # Ok. *** Bug 1097400 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1568.html |