Allow logrotate to access container_file_t files

Since we write logs directly from within containers, logrotate must be able to access them. Change-Id: I2a06cdcda92b2839d74373d6978ef65e7b4dedbd Closes-Bug: #1836000 (cherry picked from commit b81bec56f2) (cherry picked from commit c8ad086ba1)
2019-07-10 08:09:10 +02:00 · 2019-07-10 08:09:10 +02:00 · 0d991c9e1c
parent 59e4b8140a
commit 0d991c9e1c
1 changed files with 8 additions and 0 deletions
--- a/docker/services/logrotate-crond.yaml
+++ b/docker/services/logrotate-crond.yaml
@ -70,6 +70,14 @@ outputs:
        tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
        tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
        tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
+
+      host_prep_tasks:
+        - name: allow logrotate to read inside containers
+          seboolean:
+            name: logrotate_read_inside_containers
+            persistent: yes
+            state: yes
+
      deploy_steps_tasks:
        - name: configure tmpwatch on the host
          when: step|int == 2