Hi Jason,
----- Original Message -----
From: "jason" <jtfas90(a)gmail.com>
To: selinux(a)lists.fedoraproject.org
Sent: Friday, December 11, 2015 2:51:48 PM
Subject: logrotate and unlabeled_t
Hi All,
I am attempting to use logrotate to rotate a log file with the
unlabeled_t context, as it turns out SELinux is not happy about this
and denies logrotate access to the log file.
unlabeled_t in this case would indicate the file has no security context
What's the preferred method here to allow access? I used audit2allow
and installed the .pp but was reading some docs[0] and wanted to
double check my solution.
Label the file with the appropriate logfile type supported by logrotate
sesearch -A -s logrotate_t -c file
The points in the docs that I wanted to check on were
"Missing TE rules are usually caused by bugs in SELinux policy and should be
reported.." Should I report my particular instance as a bug?
"Modules created with audit2allow may allow more access than required.
It is recommended that policy created with audit2allow be posted to the
upstream SELinux list for review."
Thanks in advance!
JT
[0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
--
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
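
Added example, not part of the original thread: a shell triage of AVC denials that separates targets labeled unlabeled_t, which the reply above says to fix by relabeling, from denials that would need policy review. The audit records, the file names and the `triage_avc` function are constructed for illustration.

```shell
#!/bin/sh
# Constructed audit records (not from the thread): two AVC denials for
# logrotate and one unrelated SYSCALL record that must be ignored.
SAMPLE_AVC='type=AVC msg=audit(1449863508.123:456): avc:  denied  { read } for  pid=2345 comm="logrotate" name="app.log" dev="dm-0" ino=131 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=SYSCALL msg=audit(1449863508.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="logrotate" exe="/usr/sbin/logrotate"
type=AVC msg=audit(1449863509.001:457): avc:  denied  { read open } for  pid=2345 comm="logrotate" name="notes.txt" dev="dm-0" ino=977 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# triage_avc: read audit records on stdin and print one line per denial:
#   <action> <comm> <name> <target type> <class> <permissions>
# action is "relabel" when the target type is unlabeled_t (the file has no
# valid security context, so the fix is a label, not a new allow rule) and
# "review" for every other denial.
triage_avc() {
    awk '
    # Strip the key= prefix and any surrounding double quotes.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    /avc: +denied/ {
        comm = name = ttype = tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     comm = val($i)
            if ($i ~ /^name=/)     name = val($i)
            if ($i ~ /^tclass=/)   tclass = val($i)
            # tcontext is user:role:type:level, so the type is field 3.
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        # Permissions are the words between the braces.
        perms = ""
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        action = (ttype == "unlabeled_t") ? "relabel" : "review"
        print action, comm, name, ttype, tclass, perms
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_AVC" | triage_avc

# Follow-up on a real system for each "relabel" line (path is a placeholder):
#   ls -Z /path/to/app.log              # confirm the current label
#   sesearch -A -s logrotate_t -c file  # types logrotate_t may access (from the reply)
#   restorecon -v /path/to/app.log      # apply the default context for that path
# If the path has no default context, add one with semanage fcontext first,
# using a type taken from the sesearch output.
```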