Re: logrotate and unlabeled_t

From: "jason" <jtfas90(a)gmail.com&gt; To: selinux(a)lists.fedoraproject.org Sent: Friday, December 11, 2015 2:51:48 PM Subject: logrotate and unlabeled_t Hi All, I am attempting to use logrotate to rotate a log file with the unlabeled_t context, as it turns out SELinux is not happy about this and denies logrotate access to the log file.

What's the preferred method here to allow access? I used audit2allow and installed the .pp but but was reading some docs[0] and wanted to double check my solution.

The points in the docs were that I wanted to check on were "Missing TE rules are usually caused by bugs in SELinux policy and should be reports.." Should I report my particular instance as a bug? "Modules created with audit2allow may allow more access than required. It is recommended that policy created with audit2allow be posted to the upstream SELinux list for review." Thanks in advance! JT [0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Li nux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security- Enhanced_Linux-Troubleshooting-Fixing_Problems.html -- selinux mailing list selinux(a)lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org