+++ This bug was initially created as a clone of Bug #1669146 +++ Description of problem: In OpenStack, in order to make a containerized haproxy log into a file, one must use rsyslog on the host and write a dedicated config file to log into /var/log/containers/haproxy/ For our OpenStack deployment, the location for all logs is in /var/log/containers/, and the parent directory /var/log/containers is mounted with ":rw,z" flag by the crontab container, meaning all the content will see its context switched to container_file_t. This context currently prevents rsyslog writing haproxy logs in the standard location /var/log/containers/haproxy. A fix is available upstream [1] to allow writing to such location. [1] https://github.com/redhat-openstack/openstack-selinux/pull/20 How reproducible: Always Steps to Reproduce: 1. Enable SELinux and deploy OSP13 with https://review.openstack.org/620601 Actual results: logs can't be written to the expected location Expected results: logs should be written to expected location Additional info: The PR mentionned above has been merged upstream
*** Bug 1672194 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0591