Write selinux denials in separate file

Use sova for discovering selinux denials and write them to selinux_denials.log Change-Id: I371b7f6bf3e72dbdf8dabbd6fac2bfe881358bc1
2020-10-02 03:28:37 +03:00 · 2020-10-02 03:28:37 +03:00 · 480e33bd9a
parent 1ccb086b64
commit 480e33bd9a
1 changed files with 7 additions and 1 deletions
--- a/tasks/sova.yml
+++ b/tasks/sova.yml
@ -13,6 +13,12 @@
      "ironic-conductor": "/var/log/containers/ironic/ironic-conductor.log"
      syslog: "/var/log/journal.txt"
      logstash: "/var/log/extra/logstash.txt"
-      selinux: "/var/log/extra/denials.txt"
    result: "{{ ansible_user_dir }}/workspace/logs/failures_file"
    result_file_dir: "{{ ansible_user_dir }}/workspace/logs"
+
+- name: Run sova task
+  sova:
+    config: "{{ pattern_config }}"
+    files:
+      selinux: "/var/log/extra/denials.txt"
+    result: "{{ ansible_user_dir }}/workspace/logs/selinux_denials.log"