Set context for unbound.log on selinux systems
I4f3265c16320613d4ba74a02df1361c5d9cf2fb1 moved this file to /var/lib/unbound on selinux systems, as it was getting permissions errors trying to write into /var/log. This turns out to make it harder to collect the logs from projects like devstack. It's simpler if we just have the log file in a consistent place. On selinux systems, set the context, and revert things to just writing into /usr/log/unbound.log Change-Id: I6bb58ef0d6bf4cbbb7fd4066e01b7a01d05009c3
This commit is contained in:
parent
504d33b399
commit
4be8c66630
|
@ -68,16 +68,10 @@ mv /tmp/forwarding.conf /etc/unbound/
|
|||
chown root:root /etc/unbound/forwarding.conf
|
||||
chmod a+r /etc/unbound/forwarding.conf
|
||||
|
||||
if [[ "$DISTRO_NAME" =~ (centos|rhel7|fedora|openeuler|rocky) ]] ; then
|
||||
LOG_FILE="/var/lib/unbound/unbound.log"
|
||||
else
|
||||
LOG_FILE="/var/log/unbound.log"
|
||||
fi
|
||||
|
||||
UNBOUND_LOGGING_CONF="\
|
||||
server:
|
||||
chroot: \"\"
|
||||
logfile: \"$LOG_FILE\"
|
||||
logfile: \"/var/log/unbound.log\"
|
||||
# Log debug messages
|
||||
verbosity: 5"
|
||||
echo "$UNBOUND_LOGGING_CONF" > /tmp/unbound-logging.conf
|
||||
|
@ -99,6 +93,14 @@ chmod a+r $UNBOUND_CONFD/unbound-logging.conf
|
|||
touch /var/log/unbound.log
|
||||
chown unbound /var/log/unbound.log
|
||||
chmod 0644 /var/log/unbound.log
|
||||
# NOTE(ianw) 2022-05-22 : not 100% sure why but emperically unbound
|
||||
# runs under named context. Generally it doesn't log here on rhel-ish
|
||||
# distros, but for consistency it's much easier if we just have one
|
||||
# log file in the same place across distros. Thus set the context to
|
||||
# allow it.
|
||||
if [[ -e /usr/bin/chcon ]]; then
|
||||
chcon -t named_log_t /var/log/unbound.log
|
||||
fi
|
||||
|
||||
if [[ "$DISTRO_NAME" =~ (opensuse) ]] ; then
|
||||
# NOTE(ianw) 2021-03-17 : something about building the suse chroot
|
||||
|
|
Loading…
Reference in New Issue