Allow logrotate to access container_file_t files

Since we write logs directly from within containers, logrotate must be able to access them. Change-Id: I2a06cdcda92b2839d74373d6978ef65e7b4dedbd Closes-Bug: #1836000 (cherry picked from commit b81bec56f2) (cherry picked from commit c8ad086ba1) (cherry picked from commit 0d991c9e1c)
2019-07-10 08:09:10 +02:00 · 2019-07-10 08:09:10 +02:00 · 0f51fab0c2
parent df4781e49d
commit 0f51fab0c2
1 changed files with 6 additions and 0 deletions
--- a/docker/services/logrotate-crond.yaml
+++ b/docker/services/logrotate-crond.yaml
@ -71,6 +71,12 @@ outputs:
        tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
        tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
      host_prep_tasks:
+        - name: allow logrotate to read inside containers
+          seboolean:
+            name: logrotate_read_inside_containers
+            persistent: yes
+            state: yes
+
        - name: configure tmpwatch on the host
          copy:
            dest: /etc/cron.daily/containers-tmpwatch